Refactor security interstitials, add SecurityInterstitialPage.

chrome/browser/safe_browsing/safe_browsing_blocking_page.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Implementation of the SafeBrowsingBlockingPage class.
 
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
 
 #include <string>
 
@@ skipping 25 matching lines @@
 #include "components/google/core/browser/google_util.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/renderer_preferences.h"
 #include "grit/browser_resources.h"
 #include "net/base/escape.h"
 #include "ui/base/l10n/l10n_util.h"
-#include "ui/base/resource/resource_bundle.h"
-#include "ui/base/webui/jstemplate_builder.h"
-#include "ui/base/webui/web_ui_util.h"
 
 #if defined(ENABLE_EXTENSIONS)
 #include "chrome/browser/extensions/api/experience_sampling_private/experience_sampling.h"
 #endif
 
 using base::UserMetricsAction;
 using content::BrowserThread;
 using content::InterstitialPage;
 using content::OpenURLParams;
 using content::Referrer;
@@ skipping 80 matching lines @@
       SafeBrowsingBlockingPageFactoryImpl>;
 
   SafeBrowsingBlockingPageFactoryImpl() { }
 
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingBlockingPageFactoryImpl);
 };
 
 static base::LazyInstance<SafeBrowsingBlockingPageFactoryImpl>
     g_safe_browsing_blocking_page_factory_impl = LAZY_INSTANCE_INITIALIZER;
 
+// static
+const void* SafeBrowsingBlockingPage::kTypeForTesting =
+    &SafeBrowsingBlockingPage::kTypeForTesting;
+
 SafeBrowsingBlockingPage::SafeBrowsingBlockingPage(
     SafeBrowsingUIManager* ui_manager,
     WebContents* web_contents,
     const UnsafeResourceList& unsafe_resources)
-    : malware_details_proceed_delay_ms_(
+    : SecurityInterstitialPage(web_contents, unsafe_resources[0].url),
+      malware_details_proceed_delay_ms_(
           kMalwareDetailsProceedDelayMilliSeconds),
       ui_manager_(ui_manager),
       report_loop_(NULL),
       is_main_frame_load_blocked_(IsMainPageLoadBlocked(unsafe_resources)),
       unsafe_resources_(unsafe_resources),
       proceeded_(false),
-      web_contents_(web_contents),
-      url_(unsafe_resources[0].url),
-      interstitial_page_(NULL),
-      create_view_(true),
       num_visits_(-1) {
   bool malware = false;
   bool harmful = false;
   bool phishing = false;
   for (UnsafeResourceList::const_iterator iter = unsafe_resources_.begin();
        iter != unsafe_resources_.end(); ++iter) {
     const UnsafeResource& resource = *iter;
     SBThreatType threat_type = resource.threat_type;
     if (threat_type == SB_THREAT_TYPE_URL_MALWARE ||
         threat_type == SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL) {
@@ skipping 17 matching lines @@
   RecordUserDecision(SHOW);
   RecordUserInteraction(TOTAL_VISITS);
   if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled))
     RecordUserDecision(PROCEEDING_DISABLED);
 
   HistoryService* history_service = HistoryServiceFactory::GetForProfile(
           Profile::FromBrowserContext(web_contents->GetBrowserContext()),
           Profile::EXPLICIT_ACCESS);
   if (history_service) {
     history_service->GetVisibleVisitCountToHost(
-        url_,
+        request_url(),
         base::Bind(&SafeBrowsingBlockingPage::OnGotHistoryCount,
                    base::Unretained(this)),
         &request_tracker_);
   }
 
   if (!is_main_frame_load_blocked_) {
     navigation_entry_index_to_remove_ =
         web_contents->GetController().GetLastCommittedEntryIndex();
   } else {
     navigation_entry_index_to_remove_ = -1;
@@ skipping 24 matching lines @@
       break;
     case TYPE_PHISHING:
       event_name = kEventNamePhishing;
       break;
     default:
       event_name = kEventNameOther;
       break;
   }
   sampling_event_.reset(new ExperienceSamplingEvent(
       event_name,
-      url_,
-      web_contents_->GetLastCommittedURL(),
-      web_contents_->GetBrowserContext()));
+      request_url(),
+      web_contents->GetLastCommittedURL(),
+      web_contents->GetBrowserContext()));
 #endif
-
-  // Creating interstitial_page_ without showing it leaks memory, so don't
-  // create it here.
 }
 
 bool SafeBrowsingBlockingPage::CanShowMalwareDetailsOption() {
-  return (!web_contents_->GetBrowserContext()->IsOffTheRecord() &&
-          web_contents_->GetURL().SchemeIs(url::kHttpScheme));
+  return (!web_contents()->GetBrowserContext()->IsOffTheRecord() &&
+          web_contents()->GetURL().SchemeIs(url::kHttpScheme));
 }
 
 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() {
 }
 
 void SafeBrowsingBlockingPage::CommandReceived(const std::string& cmd) {
   std::string command(cmd);  // Make a local copy so we can modify it.
   // The Jasonified response has quotes, remove them.
   if (command.length() > 1 && command[0] == '"') {
     command = command.substr(1, command.length() - 2);
@@ skipping 13 matching lines @@
     RecordUserInteraction(SHOW_LEARN_MORE);
     GURL learn_more_url(interstitial_type_ == TYPE_PHISHING ?
                         kLearnMorePhishingUrlV2 : kLearnMoreMalwareUrlV2);
     learn_more_url = google_util::AppendGoogleLocaleParam(
         learn_more_url, g_browser_process->GetApplicationLocale());
     OpenURLParams params(learn_more_url,
                          Referrer(),
                          CURRENT_TAB,
                          ui::PAGE_TRANSITION_LINK,
                          false);
-    web_contents_->OpenURL(params);
+    web_contents()->OpenURL(params);
     return;
   }
 
   if (command == kShowPrivacyCommand) {
     // User pressed "Safe Browsing privacy policy".
     RecordUserInteraction(SHOW_PRIVACY_POLICY);
     GURL privacy_url(
         l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_URL));
     privacy_url = google_util::AppendGoogleLocaleParam(
         privacy_url, g_browser_process->GetApplicationLocale());
     OpenURLParams params(privacy_url,
                          Referrer(),
                          CURRENT_TAB,
                          ui::PAGE_TRANSITION_LINK,
                          false);
-    web_contents_->OpenURL(params);
+    web_contents()->OpenURL(params);
     return;
   }
 
   bool proceed_blocked = false;
   if (command == kProceedCommand) {
     if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) {
       proceed_blocked = true;
     } else {
       RecordUserDecision(PROCEED);
-      interstitial_page_->Proceed();
+      interstitial_page()->Proceed();
       // |this| has been deleted after Proceed() returns.
       return;
     }
   }
 
   if (command == kTakeMeBackCommand || proceed_blocked) {
     // Don't record the user action here because there are other ways of
     // triggering DontProceed, like clicking the back button.
     if (is_main_frame_load_blocked_) {
       // If the load is blocked, we want to close the interstitial and discard
       // the pending entry.
-      interstitial_page_->DontProceed();
+      interstitial_page()->DontProceed();
       // |this| has been deleted after DontProceed() returns.
       return;
     }
 
     // Otherwise the offending entry has committed, and we need to go back or
     // to a safe page.  We will close the interstitial when that page commits.
-    if (web_contents_->GetController().CanGoBack()) {
-      web_contents_->GetController().GoBack();
+    if (web_contents()->GetController().CanGoBack()) {
+      web_contents()->GetController().GoBack();
     } else {
-      web_contents_->GetController().LoadURL(
+      web_contents()->GetController().LoadURL(
           GURL(chrome::kChromeUINewTabURL),
           content::Referrer(),
           ui::PAGE_TRANSITION_AUTO_TOPLEVEL,
           std::string());
     }
     return;
   }
 
   // The "report error" and "show diagnostic" commands can have a number
   // appended to them, which is the index of the element they apply to.
@@ skipping 28 matching lines @@
         diagnostic_url, g_browser_process->GetApplicationLocale());
     DCHECK(unsafe_resources_[element_index].threat_type ==
                SB_THREAT_TYPE_URL_MALWARE ||
            unsafe_resources_[element_index].threat_type ==
                SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL ||
            unsafe_resources_[element_index].threat_type ==
                SB_THREAT_TYPE_URL_UNWANTED);
     OpenURLParams params(
         diagnostic_url, Referrer(), CURRENT_TAB, ui::PAGE_TRANSITION_LINK,
         false);
-    web_contents_->OpenURL(params);
+    web_contents()->OpenURL(params);
     return;
   }
 
   if (command == kExpandedSeeMoreCommand) {
     RecordUserInteraction(SHOW_ADVANCED);
     return;
   }
 
   NOTREACHED() << "Unexpected command: " << command;
 }
 
 void SafeBrowsingBlockingPage::OverrideRendererPrefs(
       content::RendererPreferences* prefs) {
   Profile* profile = Profile::FromBrowserContext(
-      web_contents_->GetBrowserContext());
+      web_contents()->GetBrowserContext());
   renderer_preferences_util::UpdateFromSystemSettings(
-      prefs, profile, web_contents_);
-}
+      prefs, profile, web_contents());
+ }
 
 void SafeBrowsingBlockingPage::SetReportingPreference(bool report) {
   Profile* profile = Profile::FromBrowserContext(
-      web_contents_->GetBrowserContext());
+      web_contents()->GetBrowserContext());
   PrefService* pref = profile->GetPrefs();
   pref->SetBoolean(prefs::kSafeBrowsingExtendedReportingEnabled, report);
   UMA_HISTOGRAM_BOOLEAN("SB2.SetExtendedReportingEnabled", report);
 }
 
 void SafeBrowsingBlockingPage::OnProceed() {
   proceeded_ = true;
   // Send the malware details, if we opted to.
   FinishMalwareDetails(malware_details_proceed_delay_ms_);
 
   NotifySafeBrowsingUIManager(ui_manager_, unsafe_resources_, true);
 
   // Check to see if some new notifications of unsafe resources have been
   // received while we were showing the interstitial.
   UnsafeResourceMap* unsafe_resource_map = GetUnsafeResourcesMap();
-  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(web_contents_);
+  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(web_contents());
   SafeBrowsingBlockingPage* blocking_page = NULL;
   if (iter != unsafe_resource_map->end() && !iter->second.empty()) {
     // Build an interstitial for all the unsafe resources notifications.
     // Don't show it now as showing an interstitial while an interstitial is
     // already showing would cause DontProceed() to be invoked.
-    blocking_page = factory_->CreateSafeBrowsingPage(ui_manager_, web_contents_,
+    blocking_page = factory_->CreateSafeBrowsingPage(ui_manager_,
+                                                     web_contents(),
                                                      iter->second);
     unsafe_resource_map->erase(iter);
   }
 
   // Now that this interstitial is gone, we can show the new one.
   if (blocking_page)
     blocking_page->Show();
 }
 
-void SafeBrowsingBlockingPage::DontCreateViewForTesting() {
-  create_view_ = false;
+const void* SafeBrowsingBlockingPage::GetTypeForTesting() const {
+  return SafeBrowsingBlockingPage::kTypeForTesting;
 }
 
-void SafeBrowsingBlockingPage::Show() {
-  DCHECK(!interstitial_page_);
-  interstitial_page_ = InterstitialPage::Create(
-      web_contents_, is_main_frame_load_blocked_, url_, this);
-  if (!create_view_)
-    interstitial_page_->DontCreateViewForTesting();
-  interstitial_page_->Show();
+bool SafeBrowsingBlockingPage::ShouldCreateNewNavigation() const {
+  return is_main_frame_load_blocked_;
 }
 
 void SafeBrowsingBlockingPage::OnDontProceed() {
   // We could have already called Proceed(), in which case we must not notify
   // the SafeBrowsingUIManager again, as the client has been deleted.
   if (proceeded_)
     return;
 
   if (!IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled))
     RecordUserDecision(DONT_PROCEED);
 
   // Send the malware details, if we opted to.
   FinishMalwareDetails(0);  // No delay
 
   NotifySafeBrowsingUIManager(ui_manager_, unsafe_resources_, false);
 
   // The user does not want to proceed, clear the queued unsafe resources
   // notifications we received while the interstitial was showing.
   UnsafeResourceMap* unsafe_resource_map = GetUnsafeResourcesMap();
-  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(web_contents_);
+  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(web_contents());
   if (iter != unsafe_resource_map->end() && !iter->second.empty()) {
     NotifySafeBrowsingUIManager(ui_manager_, iter->second, false);
     unsafe_resource_map->erase(iter);
   }
 
   // We don't remove the navigation entry if the tab is being destroyed as this
   // would trigger a navigation that would cause trouble as the render view host
   // for the tab has by then already been destroyed.  We also don't delete the
   // current entry if it has been committed again, which is possible on a page
   // that had a subresource warning.
   int last_committed_index =
-      web_contents_->GetController().GetLastCommittedEntryIndex();
+      web_contents()->GetController().GetLastCommittedEntryIndex();
   if (navigation_entry_index_to_remove_ != -1 &&
       navigation_entry_index_to_remove_ != last_committed_index &&
-      !web_contents_->IsBeingDestroyed()) {
-    CHECK(web_contents_->GetController().RemoveEntryAtIndex(
+      !web_contents()->IsBeingDestroyed()) {
+    CHECK(web_contents()->GetController().RemoveEntryAtIndex(
         navigation_entry_index_to_remove_));
     navigation_entry_index_to_remove_ = -1;
   }
 }
 
 void SafeBrowsingBlockingPage::OnGotHistoryCount(bool success,
                                                  int num_visits,
                                                  base::Time first_visit) {
   if (success)
     num_visits_ = num_visits;
@@ skipping 100 matching lines @@
     // Finish the malware details collection, send it over.
     BrowserThread::PostDelayedTask(
         BrowserThread::IO, FROM_HERE,
         base::Bind(&MalwareDetails::FinishCollection, malware_details_.get()),
         base::TimeDelta::FromMilliseconds(delay_ms));
   }
 }
 
 bool SafeBrowsingBlockingPage::IsPrefEnabled(const char* pref) {
   Profile* profile =
-      Profile::FromBrowserContext(web_contents_->GetBrowserContext());
+      Profile::FromBrowserContext(web_contents()->GetBrowserContext());
   return profile->GetPrefs()->GetBoolean(pref);
 }
 
 // static
 void SafeBrowsingBlockingPage::NotifySafeBrowsingUIManager(
     SafeBrowsingUIManager* ui_manager,
     const UnsafeResourceList& unsafe_resources,
     bool proceed) {
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
@@ skipping 60 matching lines @@
   // load, since they happen after the page is finished loading.
   if (unsafe_resources[0].threat_type ==
       SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL) {
     return false;
   }
 
   // Otherwise, check the threat type.
   return unsafe_resources.size() == 1 && !unsafe_resources[0].is_subresource;
 }
 
-std::string SafeBrowsingBlockingPage::GetHTMLContents() {
-  DCHECK(!unsafe_resources_.empty());
+void SafeBrowsingBlockingPage::PopulateInterstitialStrings(
+    base::DictionaryValue* load_time_data) {
+  CHECK(load_time_data);
+  CHECK(!unsafe_resources_.empty());
 
-  // Fill in the shared values.
-  base::DictionaryValue load_time_data;
-  webui::SetFontAndTextDirection(&load_time_data);
-  load_time_data.SetString("type", "SAFEBROWSING");
-  load_time_data.SetString(
+  load_time_data->SetString("type", "SAFEBROWSING");
+  load_time_data->SetString(
       "tabTitle", l10n_util::GetStringUTF16(IDS_SAFEBROWSING_V3_TITLE));
-  load_time_data.SetString(
+  load_time_data->SetString(
       "openDetails",
       l10n_util::GetStringUTF16(IDS_SAFEBROWSING_V3_OPEN_DETAILS_BUTTON));
-  load_time_data.SetString(
+  load_time_data->SetString(
       "closeDetails",
       l10n_util::GetStringUTF16(IDS_SAFEBROWSING_V3_CLOSE_DETAILS_BUTTON));
-  load_time_data.SetString(
+  load_time_data->SetString(
       "primaryButtonText",
       l10n_util::GetStringUTF16(IDS_SAFEBROWSING_OVERRIDABLE_SAFETY_BUTTON));
-  load_time_data.SetBoolean(
+  load_time_data->SetBoolean(
       "overridable",
       !IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled));
 
   switch (interstitial_type_) {
     case TYPE_MALWARE:
-      PopulateMalwareLoadTimeData(&load_time_data);
+      PopulateMalwareLoadTimeData(load_time_data);
       break;
     case TYPE_HARMFUL:
-      PopulateHarmfulLoadTimeData(&load_time_data);
+      PopulateHarmfulLoadTimeData(load_time_data);
       break;
     case TYPE_PHISHING:
-      PopulatePhishingLoadTimeData(&load_time_data);
+      PopulatePhishingLoadTimeData(load_time_data);
       break;
   }
-
-  base::StringPiece html(
-      ResourceBundle::GetSharedInstance().GetRawDataResource(
-          IDR_SECURITY_INTERSTITIAL_HTML));
-  return webui::GetI18nTemplateHtml(html, &load_time_data);
 }
 
 void SafeBrowsingBlockingPage::PopulateMalwareLoadTimeData(
     base::DictionaryValue* load_time_data) {
   load_time_data->SetBoolean("phishing", false);
   load_time_data->SetString(
       "heading", l10n_util::GetStringUTF16(IDS_MALWARE_V3_HEADING));
   load_time_data->SetString(
       "primaryParagraph",
       l10n_util::GetStringFUTF16(
           IDS_MALWARE_V3_PRIMARY_PARAGRAPH,
-          base::UTF8ToUTF16(url_.host())));
+          GetFormattedHostName()));
   load_time_data->SetString(
       "explanationParagraph",
       is_main_frame_load_blocked_ ?
           l10n_util::GetStringFUTF16(
               IDS_MALWARE_V3_EXPLANATION_PARAGRAPH,
-              base::UTF8ToUTF16(url_.host())) :
+              GetFormattedHostName()) :
           l10n_util::GetStringFUTF16(
               IDS_MALWARE_V3_EXPLANATION_PARAGRAPH_SUBRESOURCE,
-              base::UTF8ToUTF16(web_contents_->GetURL().host()),
-              base::UTF8ToUTF16(url_.host())));
+              base::UTF8ToUTF16(web_contents()->GetURL().host()),
+              GetFormattedHostName()));
   load_time_data->SetString(
       "finalParagraph",
       l10n_util::GetStringUTF16(IDS_MALWARE_V3_PROCEED_PARAGRAPH));
 
   load_time_data->SetBoolean(kDisplayCheckBox, CanShowMalwareDetailsOption());
   if (CanShowMalwareDetailsOption()) {
     std::string privacy_link = base::StringPrintf(
         kPrivacyLinkHtml,
         l10n_util::GetStringUTF8(
             IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str());
     load_time_data->SetString(
         "optInLink",
         l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE,
                                    base::UTF8ToUTF16(privacy_link)));
     load_time_data->SetBoolean(
         kBoxChecked,
         IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled));
   }
 }
 
 void SafeBrowsingBlockingPage::PopulateHarmfulLoadTimeData(
     base::DictionaryValue* load_time_data) {
   load_time_data->SetBoolean("phishing", false);
   load_time_data->SetString(
       "heading", l10n_util::GetStringUTF16(IDS_HARMFUL_V3_HEADING));
   load_time_data->SetString(
       "primaryParagraph",
       l10n_util::GetStringFUTF16(
           IDS_HARMFUL_V3_PRIMARY_PARAGRAPH,
-          base::UTF8ToUTF16(url_.host())));
+          GetFormattedHostName()));
   load_time_data->SetString(
       "explanationParagraph",
       l10n_util::GetStringFUTF16(
           IDS_HARMFUL_V3_EXPLANATION_PARAGRAPH,
-          base::UTF8ToUTF16(url_.host())));
+          GetFormattedHostName()));
   load_time_data->SetString(
       "finalParagraph",
       l10n_util::GetStringUTF16(IDS_HARMFUL_V3_PROCEED_PARAGRAPH));
 
   load_time_data->SetBoolean(kDisplayCheckBox, CanShowMalwareDetailsOption());
   if (CanShowMalwareDetailsOption()) {
     std::string privacy_link = base::StringPrintf(
         kPrivacyLinkHtml,
         l10n_util::GetStringUTF8(
             IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str());
@@ skipping 10 matching lines @@
 void SafeBrowsingBlockingPage::PopulatePhishingLoadTimeData(
     base::DictionaryValue* load_time_data) {
   load_time_data->SetBoolean("phishing", true);
   load_time_data->SetString(
       "heading",
       l10n_util::GetStringUTF16(IDS_PHISHING_V3_HEADING));
   load_time_data->SetString(
       "primaryParagraph",
       l10n_util::GetStringFUTF16(
           IDS_PHISHING_V3_PRIMARY_PARAGRAPH,
-          base::UTF8ToUTF16(url_.host())));
+          GetFormattedHostName()));
   load_time_data->SetString(
       "explanationParagraph",
       l10n_util::GetStringFUTF16(IDS_PHISHING_V3_EXPLANATION_PARAGRAPH,
-                                 base::UTF8ToUTF16(url_.host())));
+                                 GetFormattedHostName()));
   load_time_data->SetString(
       "finalParagraph",
       l10n_util::GetStringUTF16(IDS_PHISHING_V3_PROCEED_PARAGRAPH));
 }