Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(331)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/ssl_blocking_page.cc

Issue 664503006: Implementation of the full clock interstitial. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Prevent "danger" override on clock interstitial. Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/ssl_blocking_page.h ('K') | « chrome/browser/ssl/ssl_blocking_page.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_blocking_page.cc
diff --git a/chrome/browser/ssl/ssl_blocking_page.cc b/chrome/browser/ssl/ssl_blocking_page.cc
index 19f27d563c1b39e6858d91c9805f8215bf3a56a7..b33a9930b89ef96017dae808c4f5b36a68519af5 100644
--- a/chrome/browser/ssl/ssl_blocking_page.cc
+++ b/chrome/browser/ssl/ssl_blocking_page.cc
@@ -240,6 +240,8 @@ void LaunchDateAndTimeSettings() {
const char* argument;
};
static const ClockCommand kClockCommands[] = {
+ // Unity
+ { "/usr/bin/unity-control-center", "datetime" },
// GNOME
//
// NOTE: On old Ubuntu, naming control panels doesn't work, so it
@@ -371,6 +373,9 @@ SSLBlockingPage::SSLBlockingPage(content::WebContents* web_contents,
web_contents_->GetBrowserContext()));
#endif
+ // For now, allow interstitials to be "danger" overridable by default.
+ danger_overridable_ = true;
felt 2014/10/23 23:19:03 you should do this in the init block at the top:
+
// Creating an interstitial without showing (e.g. from chrome://interstitials)
// it leaks memory, so don't create it here.
}
@@ -418,98 +423,124 @@ std::string SSLBlockingPage::GetHTMLContents() {
base::i18n::WrapStringWithLTRFormatting(&url);
webui::SetFontAndTextDirection(&load_time_data);
- // Shared values for both the overridable and non-overridable versions.
load_time_data.SetString("type", "SSL");
- load_time_data.SetBoolean("overridable", overridable_);
- load_time_data.SetString(
- "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE));
- load_time_data.SetString(
- "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING));
base::Time now = base::Time::NowFromSystemTime();
bool bad_clock = IsErrorDueToBadClock(now, cert_error_);
+
+ load_time_data.SetString("errorCode", net::ErrorToString(cert_error_));
+
if (bad_clock) {
+ load_time_data.SetBoolean("bad_clock", true);
+ load_time_data.SetBoolean("overridable", false);
+
+ // We're showing the SSL clock warning to be helpful, but we haven't
+ // warned them about the risks. (And there might still be an SSL error
+ // after they fix their clock.)
+ // Thus, we don't allow the "danger" override in this case.
+ danger_overridable_ = false;
+
+ int heading_string = SSLErrorClassification::IsUserClockInTheFuture(now) ?
+ IDS_SSL_V2_CLOCK_AHEAD_HEADING :
+ IDS_SSL_V2_CLOCK_BEHIND_HEADING;
+
+ load_time_data.SetString(
+ "tabTitle",
+ l10n_util::GetStringUTF16(IDS_SSL_V2_CLOCK_TITLE));
+ load_time_data.SetString(
+ "heading",
+ l10n_util::GetStringUTF16(heading_string));
load_time_data.SetString("primaryParagraph",
l10n_util::GetStringFUTF16(
- IDS_SSL_CLOCK_ERROR,
+ IDS_SSL_V2_CLOCK_PRIMARY_PARAGRAPH ,
url,
- base::TimeFormatShortDate(now)));
+ base::TimeFormatFriendlyDateAndTime(now)));
+
+ load_time_data.SetString(
+ "primaryButtonText",
+ l10n_util::GetStringUTF16(IDS_SSL_V2_CLOCK_UPDATE_DATE_AND_TIME));
+ load_time_data.SetString(
+ "openDetails",
+ l10n_util::GetStringUTF16(IDS_SSL_RELOAD));
+
+ // The interstitial template expects these strings,
+ // but we're not using them. So we send blank strings for now.
palmer 2014/10/24 00:40:48 Nit: Wrap/format comment paragraphs, throughout (n
lgarron 2014/10/24 08:00:27 I'd be happy to format my comments properly, but I
+ load_time_data.SetString("explanationParagraph", std::string());
+ load_time_data.SetString("finalParagraph", std::string());
} else {
+ load_time_data.SetBoolean("bad_clock", false);
+
+ load_time_data.SetString(
+ "tabTitle", l10n_util::GetStringUTF16(IDS_SSL_V2_TITLE));
+ load_time_data.SetString(
+ "heading", l10n_util::GetStringUTF16(IDS_SSL_V2_HEADING));
load_time_data.SetString(
"primaryParagraph",
l10n_util::GetStringFUTF16(IDS_SSL_V2_PRIMARY_PARAGRAPH, url));
- }
+ load_time_data.SetString(
+ "openDetails",
+ l10n_util::GetStringUTF16(IDS_SSL_V2_OPEN_DETAILS_BUTTON));
+ load_time_data.SetString(
+ "closeDetails",
+ l10n_util::GetStringUTF16(IDS_SSL_V2_CLOSE_DETAILS_BUTTON));
- load_time_data.SetString(
- "openDetails",
- l10n_util::GetStringUTF16(IDS_SSL_V2_OPEN_DETAILS_BUTTON));
- load_time_data.SetString(
- "closeDetails",
- l10n_util::GetStringUTF16(IDS_SSL_V2_CLOSE_DETAILS_BUTTON));
- load_time_data.SetString("errorCode", net::ErrorToString(cert_error_));
+ if (overridable_) {
+ load_time_data.SetBoolean("overridable", true);
- if (overridable_) {
- SSLErrorInfo error_info =
- SSLErrorInfo::CreateError(
- SSLErrorInfo::NetErrorToErrorType(cert_error_),
- ssl_info_.cert.get(),
- request_url_);
- if (bad_clock) {
- load_time_data.SetString("explanationParagraph",
- l10n_util::GetStringFUTF16(
- IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
- } else {
+ SSLErrorInfo error_info =
+ SSLErrorInfo::CreateError(
+ SSLErrorInfo::NetErrorToErrorType(cert_error_),
+ ssl_info_.cert.get(),
+ request_url_);
load_time_data.SetString("explanationParagraph", error_info.details());
- }
- load_time_data.SetString(
- "primaryButtonText",
- l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON));
- load_time_data.SetString(
- "finalParagraph",
- l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH,
- url));
- } else {
- SSLErrorInfo::ErrorType type =
- SSLErrorInfo::NetErrorToErrorType(cert_error_);
- if (type == SSLErrorInfo::CERT_INVALID && SSLErrorClassification::
- MaybeWindowsLacksSHA256Support()) {
load_time_data.SetString(
- "explanationParagraph",
- l10n_util::GetStringFUTF16(
- IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3, url));
- } else if (bad_clock) {
- load_time_data.SetString("explanationParagraph",
- l10n_util::GetStringFUTF16(
- IDS_SSL_CLOCK_ERROR_EXPLANATION, url));
+ "primaryButtonText",
+ l10n_util::GetStringUTF16(IDS_SSL_OVERRIDABLE_SAFETY_BUTTON));
+ load_time_data.SetString(
+ "finalParagraph",
+ l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH,
+ url));
} else {
- load_time_data.SetString("explanationParagraph",
- l10n_util::GetStringFUTF16(
- IDS_SSL_NONOVERRIDABLE_MORE, url));
- }
- load_time_data.SetString(
- "primaryButtonText",
- l10n_util::GetStringUTF16(IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON));
- // Customize the help link depending on the specific error type.
- // Only mark as HSTS if none of the more specific error types apply, and use
- // INVALID as a fallback if no other string is appropriate.
- load_time_data.SetInteger("errorType", type);
- int help_string = IDS_SSL_NONOVERRIDABLE_INVALID;
- switch (type) {
- case SSLErrorInfo::CERT_REVOKED:
- help_string = IDS_SSL_NONOVERRIDABLE_REVOKED;
- break;
- case SSLErrorInfo::CERT_PINNED_KEY_MISSING:
- help_string = IDS_SSL_NONOVERRIDABLE_PINNED;
- break;
- case SSLErrorInfo::CERT_INVALID:
- help_string = IDS_SSL_NONOVERRIDABLE_INVALID;
- break;
- default:
- if (strict_enforcement_)
- help_string = IDS_SSL_NONOVERRIDABLE_HSTS;
+ load_time_data.SetBoolean("overridable", false);
+
+ SSLErrorInfo::ErrorType type =
+ SSLErrorInfo::NetErrorToErrorType(cert_error_);
+ if (type == SSLErrorInfo::CERT_INVALID && SSLErrorClassification::
+ MaybeWindowsLacksSHA256Support()) {
+ load_time_data.SetString(
+ "explanationParagraph",
+ l10n_util::GetStringFUTF16(
+ IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3, url));
+ } else {
+ load_time_data.SetString("explanationParagraph",
+ l10n_util::GetStringFUTF16(
+ IDS_SSL_NONOVERRIDABLE_MORE, url));
+ }
+ load_time_data.SetString(
+ "primaryButtonText",
+ l10n_util::GetStringUTF16(IDS_SSL_RELOAD));
+ // Customize the help link depending on the specific error type.
+ // Only mark as HSTS if none of the more specific error types apply,
+ // and use INVALID as a fallback if no other string is appropriate.
+ load_time_data.SetInteger("errorType", type);
+ int help_string = IDS_SSL_NONOVERRIDABLE_INVALID;
+ switch (type) {
+ case SSLErrorInfo::CERT_REVOKED:
+ help_string = IDS_SSL_NONOVERRIDABLE_REVOKED;
+ break;
+ case SSLErrorInfo::CERT_PINNED_KEY_MISSING:
+ help_string = IDS_SSL_NONOVERRIDABLE_PINNED;
+ break;
+ case SSLErrorInfo::CERT_INVALID:
+ help_string = IDS_SSL_NONOVERRIDABLE_INVALID;
+ break;
+ default:
+ if (strict_enforcement_)
+ help_string = IDS_SSL_NONOVERRIDABLE_HSTS;
+ }
+ load_time_data.SetString(
+ "finalParagraph", l10n_util::GetStringFUTF16(help_string, url));
}
- load_time_data.SetString(
- "finalParagraph", l10n_util::GetStringFUTF16(help_string, url));
}
// Set debugging information at the bottom of the warning.
@@ -557,7 +588,9 @@ void SSLBlockingPage::CommandReceived(const std::string& command) {
break;
}
case CMD_PROCEED: {
- interstitial_page_->Proceed();
+ if (danger_overridable_) {
+ interstitial_page_->Proceed();
+ }
break;
}
case CMD_MORE: {
« chrome/browser/ssl/ssl_blocking_page.h ('K') | « chrome/browser/ssl/ssl_blocking_page.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698