Override DevTools security summary when a Safe Browsing warning shows.

Override DevTools security summary when a Safe Browsing warning shows.

When a Safe Browsing warning is showing, the Developer Tools Security
panel should show custom text in the summary area.

BUG=654600
Committed: https://crrev.com/7a5785c7cb84a522fc8b148bb80afbd74acbc695
Cr-Commit-Position: refs/heads/master@{#438968}

[elawrence, 2016-12-01 16:10:06]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-01 16:10:24]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-01 17:49:13]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-01 17:49:14]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[elawrence, 2016-12-05 18:36:57]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-05 18:37:18]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-05 21:51:28]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-05 21:51:29]

Dry run: Try jobs failed on following builders:
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[elawrence, 2016-12-06 22:33:49]

Patchset #4 (id:60001) has been deleted

[elawrence, 2016-12-06 22:34:04]

Patchset #5 (id:100001) has been deleted

[elawrence, 2016-12-06 22:35:46]

elawrence@chromium.org changed reviewers:
+ estark@chromium.org

[elawrence, 2016-12-06 22:35:46]

elawrence@chromium.org changed required reviewers:
+ estark@chromium.org

[elawrence, 2016-12-06 22:35:47]

The Closure Compiler is finally happy. Can you PTAL? Thanks!

[estark, 2016-12-07 01:00:09]

Thanks, lgtm with a few nits/questions.

A devtools reviewer will ask you to attach a screenshot of the change to the
bug, so you might want to do that preemptively. :)

https://codereview.chromium.org/2542533004/diff/120001/chrome/browser/ssl/sec...
File chrome/browser/ssl/security_state_tab_helper_browser_tests.cc (right):

https://codereview.chromium.org/2542533004/diff/120001/chrome/browser/ssl/sec...
chrome/browser/ssl/security_state_tab_helper_browser_tests.cc:1596:
EXPECT_TRUE(observer.latest_explanations().summary.empty());
redundant

https://codereview.chromium.org/2542533004/diff/120001/components/security_st...
File components/security_state_strings.grdp (right):

https://codereview.chromium.org/2542533004/diff/120001/components/security_st...
components/security_state_strings.grdp:8: This page is dangerous, according to
Google Safe Browsing.
Can you please check this string with emilyschechter and/or maxwalker if you
haven't already?

https://codereview.chromium.org/2542533004/diff/120001/content/browser/devtoo...
File content/browser/devtools/protocol/security_handler.cc (right):

https://codereview.chromium.org/2542533004/diff/120001/content/browser/devtoo...
content/browser/devtools/protocol/security_handler.cc:135:
->set_summary(security_style_explanations.summary)
Maybe you only want to set this if |summary| is non-empty?

[elawrence, 2016-12-07 21:46:00]

Thanks for the quick turnaround!

> A devtools reviewer will ask you to attach a screenshot of the change to the
> bug, so you might want to do that preemptively. :)

Screenshot added here:
https://bugs.chromium.org/p/chromium/issues/detail?id=654600#c9

> redundant

Fixed.

> Can you please check this string with emilyschechter

Updated. EmilySchechter and I have landed on "This page is dangerous (flagged by
Google Safe Browsing)." which uses the same sort of language used by the
"Details" link in the omnibox warning.

> Maybe you only want to set this if |summary| is non-empty?

I don't know of a way to do that that works with the function call current
chaining and I don't think there's a performance or readability improvement to
changing it. Happy to be educated otherwise though!

[elawrence, 2016-12-07 22:02:28]

elawrence@chromium.org changed reviewers:
+ dgozman@chromium.org, jam@chromium.org

[elawrence, 2016-12-07 22:02:29]

dgozman@chromium.org: Please review changes in 

 third_party/WebKit/Source/core/inspector/browser_protocol.json
 third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js
 third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js

jam@chromium.org: Please review changes in 
 content/browser/devtools/protocol/security_handler.cc
 content/public/browser/security_style_explanations.h
 content/public/browser/security_style_explanations.cc
 chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc
 components/security_state_strings.grdp

Thanks!

[dgozman, 2016-12-07 22:28:11]

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Lay...
File
third_party/WebKit/LayoutTests/http/tests/inspector/security/security-blocked-mixed-content-and-malicious.html
(right):

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Lay...
third_party/WebKit/LayoutTests/http/tests/inspector/security/security-blocked-mixed-content-and-malicious.html:10:
InspectorTest.mainTarget.model(Security.SecurityModel).dispatchEventToListeners(Security.SecurityModel.Events.SecurityStateChanged,
new Security.PageSecurityState(Protocol.Security.SecurityState.Secure, [], "This
page is dangerous, according to Google Safe Browsing.", insecureContentStatus,
true));
Let's use dummy text instead?

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Lay...
File
third_party/WebKit/LayoutTests/http/tests/inspector/security/security-secure-but-malicious.html
(right):

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Lay...
third_party/WebKit/LayoutTests/http/tests/inspector/security/security-secure-but-malicious.html:11:
InspectorTest.mainTarget.model(Security.SecurityModel).dispatchEventToListeners(Security.SecurityModel.Events.SecurityStateChanged,
new Security.PageSecurityState(Protocol.Security.SecurityState.Secure, [], "This
page is dangerous, according to Google Safe Browsing.", insecureContentStatus,
true));
ditto

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/inspector/browser_protocol.json (right):

https://codereview.chromium.org/2542533004/diff/140001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/inspector/browser_protocol.json:909: { "name":
"summary", "type": "string", "description": "User-visible description of the
state.", "optional": true },
Don't make it optional if you always set it. In fact, looks like most of the
fields should not be optional here.

[jam, 2016-12-08 17:01:44]

lgtm

[elawrence, 2016-12-08 23:02:12]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-08 23:03:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-08 23:15:50]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-08 23:15:51]

Dry run: Try jobs failed on following builders:
  win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)

[elawrence, 2016-12-09 16:07:28]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-09 16:07:53]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-09 16:19:20]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-09 16:19:21]

Dry run: Try jobs failed on following builders:
  mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)

[elawrence, 2016-12-09 17:02:11]

Patchset #7 (id:160001) has been deleted

[elawrence, 2016-12-09 17:10:49]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-09 17:11:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[elawrence, 2016-12-09 17:38:22]

> Let's use dummy text instead?

Done.

> Don't make it optional if you always set it. In fact, looks like most of the
> fields should not be optional here.

I've confirmed that none of the fields need to be optional, so I've corrected
that. I've also placed them in a more logical order, which will hopefully be
useful for the next issue I'll be fixing in this code.

@dgozman, please take another look?

thanks!

[commit-bot: I haz the power, 2016-12-09 18:52:50]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-09 18:52:50]

Dry run: This issue passed the CQ dry run.

[dgozman, 2016-12-09 20:57:39]

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/inspector/browser_protocol.json (right):

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/inspector/browser_protocol.json:908: { "name":
"summaryOverride", "type": "string", "description": "Overrides user-visible
description of the state." },
What does the "overrides" mean? Let's just say "summary", especially since it's
not optional. I'm not even sure what is the default summary this is supposed to
override.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js
(right):

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:76: *
@param {?string} summaryOverride
Just string.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:102: *
@param {?string} summaryOverride
Just string.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:104: *
@param {!Array<!Protocol.Security.SecurityStateExplanation>=} explanations
Pleas remove "=" from the type.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:105: *
@param {!Protocol.Security.InsecureContentStatus=} insecureContentStatus
Ditto.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:109:
securityState, summaryOverride, schemeIsCryptographic, explanations || [],
insecureContentStatus || null);
No need for "|| []" and "|| null" anymore.

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
(right):

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js:95: *
@param {?string} summaryOverride
string

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js:645: *
@param {?string} summaryOverride
string

https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js:666:
this._summaryText.textContent = summaryOverride ||
summaryExplanationStrings[this._securityState];
It's always present, just use it.
We can also remove summaryExplanationStrings.

[elawrence, 2016-12-09 21:19:31]

Thanks for having a look!

> What does the "overrides" mean? Let's just say "summary", especially since
it's
> not optional. I'm not even sure what is the default summary this is supposed
to
> override.

It is "optional" in the sense that, in the vast majority of cases, no text is
provided by the native code to the DevTools. When text is provided, the
summaryOverride replaces the default summary text computed by the DevTools. 

The native code sets the summaryOverride string when there's an exceptional
situation that is overriding the behavior of the omnibox security chip. In this
CL, that exceptional situation is that SafeBrowsing has deemed the page
dangerous. (In a future CL, another situation will be that the page was served
from a built-in protocol like chrome:// to which encryption is not relevant).

>
https://codereview.chromium.org/2542533004/diff/180001/third_party/WebKit/Sou...
> third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js:666:
> this._summaryText.textContent = summaryOverride ||
> summaryExplanationStrings[this._securityState];
> It's always present, just use it.
> We can also remove summaryExplanationStrings.

We can't remove the summaryExplanationStrings from the script because they are
used in the majority of cases. Removing them from the script would entail moving
the JavaScript code to native C++.

> @param {?string} summaryOverride
> Just string.

Native code always uses an empty string but the layout tests today use null. I
could change the layout tests to use "" instead, but I'm not sure whether or not
that provides any real benefit?

[dgozman, 2016-12-09 21:24:36]

On 2016/12/09 21:19:31, elawrence wrote:
> Thanks for having a look!
> 
> > What does the "overrides" mean? Let's just say "summary", especially since
> it's
> > not optional. I'm not even sure what is the default summary this is supposed
> to
> > override.
> 
> It is "optional" in the sense that, in the vast majority of cases, no text is
> provided by the native code to the DevTools. When text is provided, the
> summaryOverride replaces the default summary text computed by the DevTools. 
> 
> The native code sets the summaryOverride string when there's an exceptional
> situation that is overriding the behavior of the omnibox security chip. In
this
> CL, that exceptional situation is that SafeBrowsing has deemed the page
> dangerous. (In a future CL, another situation will be that the page was served
> from a built-in protocol like chrome:// to which encryption is not relevant).

Thanks for explanation!
In this case we should actually make it optional and don't send the empty string
from backend.
Let's still call it "summary". The fact that it's optional means the client
(DevTools) will show
default string.
In this case please disregard all my comments about ?string and such - make it
nullable everywhere instead.

[elawrence, 2016-12-13 16:53:53]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-13 16:54:21]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[elawrence, 2016-12-13 16:56:38]

Patchset #8 (id:200001) has been deleted

[commit-bot: I haz the power, 2016-12-13 16:57:40]

Dry run: Try jobs failed on following builders:
  android_clang_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_clan...)
  android_compile_dbg on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_comp...)
  android_cronet on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_cron...)
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
  chromeos_amd64-generic_chromium_compile_only_ng on
master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-...)
  chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_daisy_...)
  chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
  linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
  mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
  win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)

[commit-bot: I haz the power, 2016-12-13 17:00:45]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-13 17:00:46]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-...)
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
  ios-simulator-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-xco...)

[elawrence, 2016-12-14 16:10:52]

Patchset #8 (id:220001) has been deleted

[elawrence, 2016-12-14 16:12:58]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-14 16:13:23]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-14 16:15:31]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-14 16:15:33]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-...)
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
  ios-simulator-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-xco...)
  mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)

[elawrence, 2016-12-14 16:20:01]

Patchset #8 (id:240001) has been deleted

[elawrence, 2016-12-14 19:11:52]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-14 19:13:06]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-14 20:08:58]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-14 20:09:00]

Dry run: Try jobs failed on following builders:
  win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)

[elawrence, 2016-12-14 21:15:46]

Patchset #8 (id:260001) has been deleted

[elawrence, 2016-12-14 21:17:29]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-14 21:18:34]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[elawrence, 2016-12-14 22:32:15]

Thanks, @dgozman-- I've changed back to an optional summary and rebased a few
times, can you please take another look?

[commit-bot: I haz the power, 2016-12-14 22:58:46]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-14 22:58:47]

Dry run: This issue passed the CQ dry run.

[estark, 2016-12-15 18:47:10]

Still lgtm

[dgozman, 2016-12-15 18:54:43]

lgtm with some comments. Thank you for working on this!

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/inspector/browser_protocol.json (right):

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/inspector/browser_protocol.json:904: "name":
"securityStateChanged",
Note that "headless" target depends on this protocol as well, and will probably
break after this change. Unfortunately, CQ doesn't catch that so I encourage you
to build it locally before submitting.

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
File third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js
(right):

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityModel.js:103: *
@param {!Array<!Protocol.Security.SecurityStateExplanation>=} explanations
No need for = anymore. And for "|| []" below. Same goes for
insecureContentStatus.

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
File third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
(right):

https://codereview.chromium.org/2542533004/diff/280001/third_party/WebKit/Sou...
third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js:115: var
summary = /** @type {string} */ (data.summary);
?string

[elawrence, 2016-12-15 20:17:41]

The CQ bit was checked by elawrence@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-12-15 20:18:34]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[elawrence, 2016-12-15 21:04:30]

Thanks for reviewing!

> Note that "headless" target depends on this protocol as well, and will
probably
> break after this change. Unfortunately, CQ doesn't catch that so I encourage
you
> to build it locally before submitting.

Previously, a bot noted that a test was broken (HeadlessWebContentsSecurityTest)
and I cleaned that up in Patchset 7. I've downloaded and applied Patchset 9 on a
linux machine and compiled headless and headless_browsertests successfully. No
new tests fail when the browsertests are run.

> No need for = anymore. And for "|| []" below. Same goes for
> insecureContentStatus.

fixed

> summary = /** @type {string} */ (data.summary);
> ?string

fixed

[commit-bot: I haz the power, 2016-12-15 23:04:08]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-12-15 23:04:09]

Dry run: This issue passed the CQ dry run.

[elawrence, 2016-12-15 23:55:38]

The CQ bit was checked by elawrence@chromium.org

[elawrence, 2016-12-15 23:55:38]

The patchset sent to the CQ was uploaded after l-g-t-m from jam@chromium.org,
dgozman@chromium.org, estark@chromium.org
Link to the patchset: https://codereview.chromium.org/2542533004/#ps300001
(title: "Address review feedback")

[commit-bot: I haz the power, 2016-12-15 23:57:06]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-16 00:45:21]

CQ is committing da patch.

Bot data: {"patchset_id": 300001, "attempt_start_ts": 1481846138260690,
"parent_rev": "50912c8833b331907bdea4ae8c02393196019968", "commit_rev":
"0742f58db1cf16432ea76e2a0587da16d6052fa1"}

[commit-bot: I haz the power, 2016-12-16 00:45:50]

Description was changed from

==========
Override DevTools security summary when a Safe Browsing warning shows.

When a Safe Browsing warning is showing, the Developer Tools Security
panel should show custom text in the summary area.

BUG=654600
==========

to

==========
Override DevTools security summary when a Safe Browsing warning shows.

When a Safe Browsing warning is showing, the Developer Tools Security
panel should show custom text in the summary area.

BUG=654600

Review-Url: https://codereview.chromium.org/2542533004
==========

[commit-bot: I haz the power, 2016-12-16 00:45:53]

Committed patchset #9 (id:300001)

[commit-bot: I haz the power, 2016-12-16 00:47:34]

Description was changed from

==========
Override DevTools security summary when a Safe Browsing warning shows.

When a Safe Browsing warning is showing, the Developer Tools Security
panel should show custom text in the summary area.

BUG=654600

Review-Url: https://codereview.chromium.org/2542533004
==========

to

==========
Override DevTools security summary when a Safe Browsing warning shows.

When a Safe Browsing warning is showing, the Developer Tools Security
panel should show custom text in the summary area.

BUG=654600

Committed: https://crrev.com/7a5785c7cb84a522fc8b148bb80afbd74acbc695
Cr-Commit-Position: refs/heads/master@{#438968}
==========

[commit-bot: I haz the power, 2016-12-16 00:47:36]

Patchset 9 (id:??) landed as
https://crrev.com/7a5785c7cb84a522fc8b148bb80afbd74acbc695
Cr-Commit-Position: refs/heads/master@{#438968}