Update the malware interstitial to have the new layout

chrome/browser/safe_browsing/safe_browsing_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Implementation of the SafeBrowsingBlockingPage class.
 
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
 
 #include <string>
 
 #include "base/bind.h"
+#include "base/command_line.h"
 #include "base/i18n/rtl.h"
 #include "base/lazy_instance.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_service.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/google/google_util.h"
 #include "chrome/browser/history/history_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_preferences_util.h"
 #include "chrome/browser/safe_browsing/malware_details.h"
 #include "chrome/browser/safe_browsing/ui_manager.h"
 #include "chrome/browser/tab_contents/tab_util.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 #include "grit/browser_resources.h"
 #include "grit/chromium_strings.h"
 #include "grit/generated_resources.h"
@@ skipping 45 matching lines @@
     "<a id=\"privacy-link\" href=\"\" onclick=\"sendCommand('showPrivacy'); "
     "return false;\" onmousedown=\"return false;\">%s</a>";
 
 // After a malware interstitial where the user opted-in to the report
 // but clicked "proceed anyway", we delay the call to
 // MalwareDetails::FinishCollection() by this much time (in
 // milliseconds).
 const int64 kMalwareDetailsProceedDelayMilliSeconds = 3000;
 
 // The commands returned by the page when the user performs an action.
-const char kShowDiagnosticCommand[] = "showDiagnostic";
-const char kReportErrorCommand[] = "reportError";
+const char kDoReportCommand[] = "doReport";
+const char kDontReportCommand[] = "dontReport";
+const char kExpandedSeeMoreCommand[] = "expandedSeeMore";
 const char kLearnMoreCommand[] = "learnMore";
 const char kLearnMoreCommandV2[] = "learnMore2";
+const char kProceedCommand[] = "proceed";
+const char kReportErrorCommand[] = "reportError";
+const char kShowDiagnosticCommand[] = "showDiagnostic";
 const char kShowPrivacyCommand[] = "showPrivacy";
-const char kProceedCommand[] = "proceed";
 const char kTakeMeBackCommand[] = "takeMeBack";
-const char kDoReportCommand[] = "doReport";
-const char kDontReportCommand[] = "dontReport";
-const char kDisplayCheckBox[] = "displaycheckbox";
-const char kBoxChecked[] = "boxchecked";
-const char kExpandedSeeMore[] = "expandedSeeMore";
 // Special command that we use when the user navigated away from the
 // page.  E.g., closed the tab or the window.  This is only used by
 // RecordUserReactionTime.
 const char kNavigatedAwayMetaCommand[] = "closed";
 
+// Other constants used to communicate with the JavaScript.
+const char kBoxChecked[] = "boxchecked";
+const char kDisplayCheckBox[] = "displaycheckbox";
+
 base::LazyInstance<SafeBrowsingBlockingPage::UnsafeResourceMap>
     g_unsafe_resource_map = LAZY_INSTANCE_INITIALIZER;
 
 // These are the conditions for the summer 2013 Finch experiment.
 // TODO(felt): Get rid of these now that experiment has ended.
 const char kMalwareStudyName[] = "InterstitialMalware310";
 const char kPhishingStudyName[] = "InterstitialPhishing564";
 const char kCond7MalwareFearMsg[] = "cond7MalwareFearMsg";
 const char kCond8PhishingFearMsg[] = "cond8PhishingFearMsg";
 const char kCond9MalwareCollabMsg[] = "cond9MalwareCollabMsg";
@@ skipping 16 matching lines @@
   PHISHING_PROCEED_CROSS_SITE,
   MAX_DETAILED_ACTION
 };
 
 void RecordDetailedUserAction(DetailedDecision decision) {
   UMA_HISTOGRAM_ENUMERATION("SB2.InterstitialActionDetails",
                             decision,
                             MAX_DETAILED_ACTION);
 }
 
+bool Version3Enabled() {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kMalwareInterstitialVersionV3)) {
+    return true;
+  }
+  if (base::FieldTrialList::FindFullName("MalwareInterstitialVersion")

[mattm, 2014/06/10 23:37:09]

Doesn't the trial have to be initialized somewhere?

[felt, 2014/06/11 00:12:09]

No, this works, I have been testing with it. The initialization happens in a
server-side config file that's in google3.

+      == "V3") {

[mattm, 2014/06/10 23:37:09]

should be a constant?

[felt, 2014/06/11 00:12:09]

Sure.

+    return true;
+  }
+  return false;
+}
+
+class SafeBrowsingBlockingPageV3 : public SafeBrowsingBlockingPage {
+ public:
+  SafeBrowsingBlockingPageV3(SafeBrowsingUIManager* ui_manager,
+                             content::WebContents* web_contents,
+                             const UnsafeResourceList& unsafe_resources);
+
+  // InterstitialPageDelegate method:
+  virtual std::string GetHTMLContents() OVERRIDE;
+
+ private:
+  // Fills the passed dictionary with the values to be passed to the template
+  // when creating the HTML.
+  void PopulateMalwareLoadTimeData(base::DictionaryValue* load_time_data);
+  void PopulatePhishingLoadTimeData(base::DictionaryValue* load_time_data);
+
+  DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageV3);
+};
+
 }  // namespace
 
 // static
 SafeBrowsingBlockingPageFactory* SafeBrowsingBlockingPage::factory_ = NULL;
 
 // The default SafeBrowsingBlockingPageFactory.  Global, made a singleton so we
 // don't leak it.
 class SafeBrowsingBlockingPageFactoryImpl
     : public SafeBrowsingBlockingPageFactory {
  public:
   virtual SafeBrowsingBlockingPage* CreateSafeBrowsingPage(
       SafeBrowsingUIManager* ui_manager,
       WebContents* web_contents,
       const SafeBrowsingBlockingPage::UnsafeResourceList& unsafe_resources)
       OVERRIDE {
     // Only use the V2 page if the interstitial is for a single malware or
     // phishing resource, the multi-threat interstitial has not been updated to
     // V2 yet.
     if (unsafe_resources.size() == 1 &&
         (unsafe_resources[0].threat_type == SB_THREAT_TYPE_URL_MALWARE ||
          unsafe_resources[0].threat_type ==
          SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL ||
          unsafe_resources[0].threat_type == SB_THREAT_TYPE_URL_PHISHING ||
          unsafe_resources[0].threat_type ==
          SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL)) {
-      return new SafeBrowsingBlockingPageV2(ui_manager, web_contents,
-          unsafe_resources);
+      if (Version3Enabled()) {
+        return new SafeBrowsingBlockingPageV3(ui_manager, web_contents,
+            unsafe_resources);
+      } else {
+        return new SafeBrowsingBlockingPageV2(ui_manager, web_contents,
+            unsafe_resources);
+      }
     }
     return new SafeBrowsingBlockingPageV1(ui_manager, web_contents,
                                           unsafe_resources);
   }
 
  private:
   friend struct base::DefaultLazyInstanceTraits<
       SafeBrowsingBlockingPageFactoryImpl>;
 
   SafeBrowsingBlockingPageFactoryImpl() { }
@@ skipping 237 matching lines @@
            SB_THREAT_TYPE_URL_MALWARE ||
            unsafe_resources_[element_index].threat_type ==
            SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL);
     OpenURLParams params(
         diagnostic_url, Referrer(), CURRENT_TAB, content::PAGE_TRANSITION_LINK,
         false);
     web_contents_->OpenURL(params);
     return;
   }
 
-  if (command == kExpandedSeeMore) {
+  if (command == kExpandedSeeMoreCommand) {
     // User expanded the "see more info" section of the page.  We don't actually
     // do any action based on this, it's just so that RecordUserReactionTime can
     // track it.
     return;
   }
 
   NOTREACHED() << "Unexpected command: " << command;
 }
 
 void SafeBrowsingBlockingPage::OverrideRendererPrefs(
@@ skipping 262 matching lines @@
     } else if (command == kShowDiagnosticCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.MalwareInterstitialTimeDiagnostic", dt);
     } else if (command == kShowPrivacyCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.MalwareInterstitialTimePrivacyPolicy",
                                  dt);
     } else if (command == kLearnMoreCommand || command == kLearnMoreCommandV2) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.MalwareInterstitialLearnMore",
                                  dt);
     } else if (command == kNavigatedAwayMetaCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.MalwareInterstitialTimeClosed", dt);
-    } else if (command == kExpandedSeeMore) {
+    } else if (command == kExpandedSeeMoreCommand) {
       // Only record the expanded histogram once per display of the
       // interstitial.
       if (has_expanded_see_more_section_)
         return;
       RecordUserAction(SHOW_ADVANCED);
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.MalwareInterstitialTimeExpandedSeeMore",
                                  dt);
       has_expanded_see_more_section_ = true;
       // Expanding the "See More" section doesn't finish the interstitial, so
       // don't mark the reaction time as recorded.
       recorded = false;
     } else {
       recorded = false;
     }
   } else {
     // Same as above but for phishing warnings.
     if (command == kProceedCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeProceed", dt);
     } else if (command == kTakeMeBackCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeTakeMeBack", dt);
     } else if (command == kShowDiagnosticCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeReportError", dt);
     } else if (command == kLearnMoreCommand || command == kLearnMoreCommandV2) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeLearnMore", dt);
     } else if (command == kNavigatedAwayMetaCommand) {
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeClosed", dt);
-    } else if (command == kExpandedSeeMore) {
+    } else if (command == kExpandedSeeMoreCommand) {
       // Only record the expanded histogram once per display of the
       // interstitial.
       if (has_expanded_see_more_section_)
         return;
       RecordUserAction(SHOW_ADVANCED);
       UMA_HISTOGRAM_MEDIUM_TIMES("SB2.PhishingInterstitialTimeExpandedSeeMore",
                                  dt);
       has_expanded_see_more_section_ = true;
       // Expanding the "See More" section doesn't finish the interstitial, so
       // don't mark the reaction time as recorded.
@@ skipping 402 matching lines @@
             IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE_V2).c_str());
 
     strings->SetString("confirm_text",
                        l10n_util::GetStringFUTF16(
                            IDS_SAFE_BROWSING_MALWARE_V2_REPORTING_AGREE,
                            base::UTF8ToUTF16(privacy_link)));
     if (IsPrefEnabled(prefs::kSafeBrowsingReportingEnabled))
       strings->SetString(kBoxChecked, "yes");
     else
       strings->SetString(kBoxChecked, std::string());
   }

[mattm, 2014/06/10 23:37:09]

Is it intentional that the new page doesn't show the malware details reporting
check box?

[felt, 2014/06/11 00:12:09]

Yes, the designers were still deciding where to put the checkbox when I wrote
this CL. I'll send out another one with the checkbox.

 
   strings->SetString("report_error", base::string16());
   strings->SetString("learnMore",
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_LEARN_MORE));
 }
 
 void SafeBrowsingBlockingPageV2::PopulatePhishingStringDictionary(
     base::DictionaryValue* strings) {
   PopulateStringDictionary(
       strings,
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_TITLE),
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_HEADLINE),
       l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_PHISHING_V2_DESCRIPTION1,
                                  l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
                                  base::UTF8ToUTF16(url_.host())),
       base::string16(),
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_DESCRIPTION2));
 
   strings->SetString("details", std::string());
   strings->SetString("confirm_text", std::string());
   strings->SetString(kBoxChecked, std::string());
   strings->SetString(
       "report_error",
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_REPORT_ERROR));
   strings->SetBoolean(kDisplayCheckBox, false);
   strings->SetString("learnMore",
       l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_LEARN_MORE));
 }
+
+SafeBrowsingBlockingPageV3::SafeBrowsingBlockingPageV3(
+    SafeBrowsingUIManager* ui_manager,
+    WebContents* web_contents,
+    const UnsafeResourceList& unsafe_resources)
+    : SafeBrowsingBlockingPage(ui_manager, web_contents, unsafe_resources) {
+}
+
+std::string SafeBrowsingBlockingPageV3::GetHTMLContents() {
+  if (unsafe_resources_.empty() || unsafe_resources_.size() > 1) {
+    // TODO(felt): Implement new multi-threat interstitial. crbug.com/160336
+    NOTIMPLEMENTED();
+    return std::string();
+  }
+
+  // Fill in the shared values.
+  base::DictionaryValue load_time_data;
+  webui::SetFontAndTextDirection(&load_time_data);
+  load_time_data.SetBoolean("ssl", false);
+  load_time_data.SetString(
+      "openDetails",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_SEE_MORE));
+  load_time_data.SetString(
+      "closeDetails",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_SEE_MORE));
+  load_time_data.SetString(
+      "primaryButtonText",
+      l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON));
+  load_time_data.SetString(
+      "proceedText",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_PROCEED_LINK));
+  load_time_data.SetBoolean(
+      "overridable",
+      !IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled));
+
+  // Fill in the values that are specific to malware or phishing.
+  SBThreatType threat_type = unsafe_resources_[0].threat_type;
+  switch (threat_type) {
+    case SB_THREAT_TYPE_URL_MALWARE:
+    case SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL:
+      PopulateMalwareLoadTimeData(&load_time_data);
+      break;
+    case SB_THREAT_TYPE_URL_PHISHING:
+    case SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL:
+      PopulatePhishingLoadTimeData(&load_time_data);
+      break;
+    case SB_THREAT_TYPE_SAFE:
+    case SB_THREAT_TYPE_BINARY_MALWARE_URL:
+    case SB_THREAT_TYPE_EXTENSION:
+      NOTREACHED();
+  }
+
+  interstitial_show_time_ = base::TimeTicks::Now();
+
+  base::StringPiece html(
+      ResourceBundle::GetSharedInstance().GetRawDataResource(
+          IRD_SSL_INTERSTITIAL_V2_HTML));
+  webui::UseVersion2 version;
+  return webui::GetI18nTemplateHtml(html, &load_time_data);
+}
+
+void SafeBrowsingBlockingPageV3::PopulateMalwareLoadTimeData(
+    base::DictionaryValue* load_time_data) {
+  load_time_data->SetBoolean("phishing", false);
+  load_time_data->SetString(
+      "tabTitle",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_TITLE));
+  load_time_data->SetString(
+      "heading",
+      l10n_util::GetStringUTF16(is_main_frame_load_blocked_ ?
+          IDS_SAFE_BROWSING_MALWARE_V2_HEADLINE :
+          IDS_SAFE_BROWSING_MALWARE_V2_HEADLINE_SUBRESOURCE));
+  load_time_data->SetString(
+      "primaryParagraph",
+      l10n_util::GetStringFUTF16(
+          is_main_frame_load_blocked_ ?
+              IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION1 :
+              IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION1_SUBRESOURCE,
+          l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
+          base::UTF8ToUTF16(is_main_frame_load_blocked_ ?
+                            url_.host() : web_contents_->GetURL().host())));
+  load_time_data->SetString(
+      "secondParagraph",
+      is_main_frame_load_blocked_ ?
+          l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION2) :
+          l10n_util::GetStringFUTF16(
+              IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION2_SUBRESOURCE,
+              l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
+              base::UTF8ToUTF16(url_.host())));
+  load_time_data->SetString(
+      "thirdParagraph",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION3));
+  load_time_data->SetString(
+      "detailsText",
+      is_main_frame_load_blocked_ ?
+          l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_DETAILS) :
+          l10n_util::GetStringFUTF16(
+              IDS_SAFE_BROWSING_MALWARE_V2_DETAILS_SUBRESOURCE,
+              base::UTF8ToUTF16(url_.host())));
+}
+
+void SafeBrowsingBlockingPageV3::PopulatePhishingLoadTimeData(
+    base::DictionaryValue* load_time_data) {
+  load_time_data->SetBoolean("phishing", true);
+  load_time_data->SetString(
+      "tabTitle",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_TITLE));
+  load_time_data->SetString(
+      "heading",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_HEADLINE));
+  load_time_data->SetString(
+      "primaryParagraph",
+      l10n_util::GetStringFUTF16(
+          IDS_SAFE_BROWSING_PHISHING_V2_DESCRIPTION1,
+          l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
+          base::UTF8ToUTF16(url_.host())));
+  load_time_data->SetString(
+      "secondParagraph",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_MALWARE_V2_DESCRIPTION2));

[mattm, 2014/06/10 23:37:08]

is MALWARE here intentional?

[felt, 2014/06/11 00:12:09]

No, good catch.

+  load_time_data->SetString(
+      "detailsText",
+      l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_PHISHING_V2_REPORT_ERROR));
+}