OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Implementation of the SafeBrowsingBlockingPage class. | 5 // Implementation of the SafeBrowsingBlockingPage class. |
6 | 6 |
7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 | 10 |
62 "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=%s&clie nt=chromium"; | 62 "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=%s&clie nt=chromium"; |
63 #endif | 63 #endif |
64 | 64 |
65 // URL for malware and phishing, V2. | 65 // URL for malware and phishing, V2. |
66 const char kLearnMoreMalwareUrlV2[] = | 66 const char kLearnMoreMalwareUrlV2[] = |
67 "https://www.google.com/transparencyreport/safebrowsing/"; | 67 "https://www.google.com/transparencyreport/safebrowsing/"; |
68 const char kLearnMorePhishingUrlV2[] = | 68 const char kLearnMorePhishingUrlV2[] = |
69 "https://www.google.com/transparencyreport/safebrowsing/"; | 69 "https://www.google.com/transparencyreport/safebrowsing/"; |
70 | 70 |
71 const char kPrivacyLinkHtml[] = | 71 const char kPrivacyLinkHtml[] = |
72 "<a id=\"privacy-link\" href=\"\" onclick=\"sendCommand('showPrivacy'); " | 72 "<a id=\"privacy-link\" href=\"\" onclick=\"sendCommand(%d); " |
73 "return false;\" onmousedown=\"return false;\">%s</a>"; | 73 "return false;\" onmousedown=\"return false;\">%s</a>"; |
74 | 74 |
75 // After a malware interstitial where the user opted-in to the report | 75 // After a malware interstitial where the user opted-in to the report |
76 // but clicked "proceed anyway", we delay the call to | 76 // but clicked "proceed anyway", we delay the call to |
77 // MalwareDetails::FinishCollection() by this much time (in | 77 // MalwareDetails::FinishCollection() by this much time (in |
78 // milliseconds). | 78 // milliseconds). |
79 const int64 kMalwareDetailsProceedDelayMilliSeconds = 3000; | 79 const int64 kMalwareDetailsProceedDelayMilliSeconds = 3000; |
80 | 80 |
81 // The commands returned by the page when the user performs an action. | |
82 const char kDoReportCommand[] = "doReport"; | |
83 const char kDontReportCommand[] = "dontReport"; | |
84 const char kExpandedSeeMoreCommand[] = "expandedSeeMore"; | |
85 const char kLearnMoreCommand[] = "learnMore2"; | |
86 const char kProceedCommand[] = "proceed"; | |
87 const char kShowDiagnosticCommand[] = "showDiagnostic"; | |
88 const char kShowPrivacyCommand[] = "showPrivacy"; | |
89 const char kTakeMeBackCommand[] = "takeMeBack"; | |
90 | |
91 // Other constants used to communicate with the JavaScript. | 81 // Other constants used to communicate with the JavaScript. |
92 const char kBoxChecked[] = "boxchecked"; | 82 const char kBoxChecked[] = "boxchecked"; |
93 const char kDisplayCheckBox[] = "displaycheckbox"; | 83 const char kDisplayCheckBox[] = "displaycheckbox"; |
94 | 84 |
95 // Constants for the Experience Sampling instrumentation. | 85 // Constants for the Experience Sampling instrumentation. |
96 const char kEventNameMalware[] = "safebrowsing_interstitial_"; | 86 const char kEventNameMalware[] = "safebrowsing_interstitial_"; |
97 const char kEventNameHarmful[] = "harmful_interstitial_"; | 87 const char kEventNameHarmful[] = "harmful_interstitial_"; |
98 const char kEventNamePhishing[] = "phishing_interstitial_"; | 88 const char kEventNamePhishing[] = "phishing_interstitial_"; |
99 const char kEventNameOther[] = "safebrowsing_other_interstitial_"; | 89 const char kEventNameOther[] = "safebrowsing_other_interstitial_"; |
100 | 90 |
209 } | 199 } |
210 | 200 |
211 bool SafeBrowsingBlockingPage::CanShowMalwareDetailsOption() { | 201 bool SafeBrowsingBlockingPage::CanShowMalwareDetailsOption() { |
212 return (!web_contents()->GetBrowserContext()->IsOffTheRecord() && | 202 return (!web_contents()->GetBrowserContext()->IsOffTheRecord() && |
213 web_contents()->GetURL().SchemeIs(url::kHttpScheme)); | 203 web_contents()->GetURL().SchemeIs(url::kHttpScheme)); |
214 } | 204 } |
215 | 205 |
216 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { | 206 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { |
217 } | 207 } |
218 | 208 |
219 void SafeBrowsingBlockingPage::CommandReceived(const std::string& cmd) { | 209 void SafeBrowsingBlockingPage::CommandReceived(const std::string& page_cmd) { |
220 std::string command(cmd); // Make a local copy so we can modify it. | 210 if (page_cmd == "\"pageLoadComplete\"") { |
221 // The Jasonified response has quotes, remove them. | |
222 if (command.length() > 1 && command[0] == '"') { | |
223 command = command.substr(1, command.length() - 2); | |
224 } | |
225 | |
226 if (command == "pageLoadComplete") { | |
227 // content::WaitForRenderFrameReady sends this message when the page | 211 // content::WaitForRenderFrameReady sends this message when the page |
228 // load completes. Ignore it. | 212 // load completes. Ignore it. |
229 return; | 213 return; |
230 } | 214 } |
231 | 215 |
232 if (command == kDoReportCommand) { | 216 int command = 0; |
217 bool retval = base::StringToInt(page_cmd, &command); | |
218 DCHECK(retval) << page_cmd; | |
219 | |
220 if (command == CMD_DO_REPORT) { | |
Bernhard Bauer
2015/03/11 08:42:14
I *think* you could turn this into a switch statem
felt
2015/03/11 15:25:09
Done.
| |
233 SetReportingPreference(true); | 221 SetReportingPreference(true); |
234 return; | 222 return; |
235 } | 223 } |
236 | 224 |
237 if (command == kDontReportCommand) { | 225 if (command == CMD_DONT_REPORT) { |
238 SetReportingPreference(false); | 226 SetReportingPreference(false); |
239 return; | 227 return; |
240 } | 228 } |
241 | 229 |
242 if (command == kLearnMoreCommand) { | 230 if (command == CMD_OPEN_HELP_CENTER) { |
243 // User pressed "Learn more". | 231 // User pressed "Learn more". |
244 metrics_helper_->RecordUserInteraction( | 232 metrics_helper_->RecordUserInteraction( |
245 SecurityInterstitialMetricsHelper::SHOW_LEARN_MORE); | 233 SecurityInterstitialMetricsHelper::SHOW_LEARN_MORE); |
246 GURL learn_more_url( | 234 GURL learn_more_url( |
247 interstitial_reason_ == SB_REASON_PHISHING ? | 235 interstitial_reason_ == SB_REASON_PHISHING ? |
248 kLearnMorePhishingUrlV2 : kLearnMoreMalwareUrlV2); | 236 kLearnMorePhishingUrlV2 : kLearnMoreMalwareUrlV2); |
249 learn_more_url = google_util::AppendGoogleLocaleParam( | 237 learn_more_url = google_util::AppendGoogleLocaleParam( |
250 learn_more_url, g_browser_process->GetApplicationLocale()); | 238 learn_more_url, g_browser_process->GetApplicationLocale()); |
251 OpenURLParams params(learn_more_url, | 239 OpenURLParams params(learn_more_url, |
252 Referrer(), | 240 Referrer(), |
253 CURRENT_TAB, | 241 CURRENT_TAB, |
254 ui::PAGE_TRANSITION_LINK, | 242 ui::PAGE_TRANSITION_LINK, |
255 false); | 243 false); |
256 web_contents()->OpenURL(params); | 244 web_contents()->OpenURL(params); |
257 return; | 245 return; |
258 } | 246 } |
259 | 247 |
260 if (command == kShowPrivacyCommand) { | 248 if (command == CMD_OPEN_REPORTING_PRIVACY) { |
261 // User pressed "Safe Browsing privacy policy". | 249 // User pressed "Safe Browsing privacy policy". |
262 metrics_helper_->RecordUserInteraction( | 250 metrics_helper_->RecordUserInteraction( |
263 SecurityInterstitialMetricsHelper::SHOW_PRIVACY_POLICY); | 251 SecurityInterstitialMetricsHelper::SHOW_PRIVACY_POLICY); |
264 GURL privacy_url( | 252 GURL privacy_url( |
265 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_URL)); | 253 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_URL)); |
266 privacy_url = google_util::AppendGoogleLocaleParam( | 254 privacy_url = google_util::AppendGoogleLocaleParam( |
267 privacy_url, g_browser_process->GetApplicationLocale()); | 255 privacy_url, g_browser_process->GetApplicationLocale()); |
268 OpenURLParams params(privacy_url, | 256 OpenURLParams params(privacy_url, |
269 Referrer(), | 257 Referrer(), |
270 CURRENT_TAB, | 258 CURRENT_TAB, |
271 ui::PAGE_TRANSITION_LINK, | 259 ui::PAGE_TRANSITION_LINK, |
272 false); | 260 false); |
273 web_contents()->OpenURL(params); | 261 web_contents()->OpenURL(params); |
274 return; | 262 return; |
275 } | 263 } |
276 | 264 |
277 bool proceed_blocked = false; | 265 bool proceed_blocked = false; |
278 if (command == kProceedCommand) { | 266 if (command == CMD_PROCEED) { |
279 if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) { | 267 if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) { |
280 proceed_blocked = true; | 268 proceed_blocked = true; |
281 } else { | 269 } else { |
282 metrics_helper_->RecordUserDecision( | 270 metrics_helper_->RecordUserDecision( |
283 SecurityInterstitialMetricsHelper::PROCEED); | 271 SecurityInterstitialMetricsHelper::PROCEED); |
284 interstitial_page()->Proceed(); | 272 interstitial_page()->Proceed(); |
285 // |this| has been deleted after Proceed() returns. | 273 // |this| has been deleted after Proceed() returns. |
286 return; | 274 return; |
287 } | 275 } |
288 } | 276 } |
289 | 277 |
290 if (command == kTakeMeBackCommand || proceed_blocked) { | 278 if (command == CMD_DONT_PROCEED || proceed_blocked) { |
291 // Don't record the user action here because there are other ways of | 279 // Don't record the user action here because there are other ways of |
292 // triggering DontProceed, like clicking the back button. | 280 // triggering DontProceed, like clicking the back button. |
293 if (is_main_frame_load_blocked_) { | 281 if (is_main_frame_load_blocked_) { |
294 // If the load is blocked, we want to close the interstitial and discard | 282 // If the load is blocked, we want to close the interstitial and discard |
295 // the pending entry. | 283 // the pending entry. |
296 interstitial_page()->DontProceed(); | 284 interstitial_page()->DontProceed(); |
297 // |this| has been deleted after DontProceed() returns. | 285 // |this| has been deleted after DontProceed() returns. |
298 return; | 286 return; |
299 } | 287 } |
300 | 288 |
301 // Otherwise the offending entry has committed, and we need to go back or | 289 // Otherwise the offending entry has committed, and we need to go back or |
302 // to a safe page. We will close the interstitial when that page commits. | 290 // to a safe page. We will close the interstitial when that page commits. |
303 if (web_contents()->GetController().CanGoBack()) { | 291 if (web_contents()->GetController().CanGoBack()) { |
304 web_contents()->GetController().GoBack(); | 292 web_contents()->GetController().GoBack(); |
305 } else { | 293 } else { |
306 web_contents()->GetController().LoadURL( | 294 web_contents()->GetController().LoadURL( |
307 GURL(chrome::kChromeUINewTabURL), | 295 GURL(chrome::kChromeUINewTabURL), |
308 content::Referrer(), | 296 content::Referrer(), |
309 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 297 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
310 std::string()); | 298 std::string()); |
311 } | 299 } |
312 return; | 300 return; |
313 } | 301 } |
314 | 302 |
315 // The "report error" and "show diagnostic" commands can have a number | 303 // TODO(felt): element_index will always be 0. See crbug.com/464732 |
316 // appended to them, which is the index of the element they apply to. | |
317 size_t element_index = 0; | 304 size_t element_index = 0; |
Bernhard Bauer
2015/03/11 08:42:14
Move this into the if-statement block?
felt
2015/03/11 15:25:09
Done.
| |
318 size_t colon_index = command.find(':'); | 305 const UnsafeResource& unsafe_resource = unsafe_resources_[element_index]; |
319 if (colon_index != std::string::npos) { | 306 std::string bad_url_spec = unsafe_resource.url.spec(); |
320 DCHECK(colon_index < command.size() - 1); | 307 if (command == CMD_OPEN_DIAGNOSTIC) { |
321 int result_int = 0; | |
322 bool result = base::StringToInt(base::StringPiece(command.begin() + | |
323 colon_index + 1, | |
324 command.end()), | |
325 &result_int); | |
326 command = command.substr(0, colon_index); | |
327 if (result) | |
328 element_index = static_cast<size_t>(result_int); | |
329 } | |
330 | |
331 if (element_index >= unsafe_resources_.size()) { | |
332 NOTREACHED(); | |
333 return; | |
334 } | |
335 | |
336 std::string bad_url_spec = unsafe_resources_[element_index].url.spec(); | |
337 if (command == kShowDiagnosticCommand) { | |
338 // We're going to take the user to Google's SafeBrowsing diagnostic page. | 308 // We're going to take the user to Google's SafeBrowsing diagnostic page. |
339 metrics_helper_->RecordUserInteraction( | 309 metrics_helper_->RecordUserInteraction( |
340 SecurityInterstitialMetricsHelper::SHOW_DIAGNOSTIC); | 310 SecurityInterstitialMetricsHelper::SHOW_DIAGNOSTIC); |
341 std::string diagnostic = | 311 std::string diagnostic = |
342 base::StringPrintf(kSbDiagnosticUrl, | 312 base::StringPrintf(kSbDiagnosticUrl, |
343 net::EscapeQueryParamValue(bad_url_spec, true).c_str()); | 313 net::EscapeQueryParamValue(bad_url_spec, true).c_str()); |
344 GURL diagnostic_url(diagnostic); | 314 GURL diagnostic_url(diagnostic); |
345 diagnostic_url = google_util::AppendGoogleLocaleParam( | 315 diagnostic_url = google_util::AppendGoogleLocaleParam( |
346 diagnostic_url, g_browser_process->GetApplicationLocale()); | 316 diagnostic_url, g_browser_process->GetApplicationLocale()); |
347 DCHECK(unsafe_resources_[element_index].threat_type == | 317 DCHECK(unsafe_resource.threat_type == SB_THREAT_TYPE_URL_MALWARE || |
348 SB_THREAT_TYPE_URL_MALWARE || | 318 unsafe_resource.threat_type == |
349 unsafe_resources_[element_index].threat_type == | |
350 SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL || | 319 SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL || |
351 unsafe_resources_[element_index].threat_type == | 320 unsafe_resource.threat_type == SB_THREAT_TYPE_URL_UNWANTED); |
352 SB_THREAT_TYPE_URL_UNWANTED); | |
353 OpenURLParams params( | 321 OpenURLParams params( |
354 diagnostic_url, Referrer(), CURRENT_TAB, ui::PAGE_TRANSITION_LINK, | 322 diagnostic_url, Referrer(), CURRENT_TAB, ui::PAGE_TRANSITION_LINK, |
355 false); | 323 false); |
356 web_contents()->OpenURL(params); | 324 web_contents()->OpenURL(params); |
357 return; | 325 return; |
358 } | 326 } |
359 | 327 |
360 if (command == kExpandedSeeMoreCommand) { | 328 if (command == CMD_SHOW_MORE_SECTION) { |
361 metrics_helper_->RecordUserInteraction( | 329 metrics_helper_->RecordUserInteraction( |
362 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); | 330 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); |
363 return; | 331 return; |
364 } | 332 } |
365 | 333 |
366 NOTREACHED() << "Unexpected command: " << command; | 334 NOTREACHED() << "Unexpected command: " << command; |
367 } | 335 } |
368 | 336 |
369 void SafeBrowsingBlockingPage::OverrideRendererPrefs( | 337 void SafeBrowsingBlockingPage::OverrideRendererPrefs( |
370 content::RendererPreferences* prefs) { | 338 content::RendererPreferences* prefs) { |
621 void SafeBrowsingBlockingPage::PopulateExtendedReportingOption( | 589 void SafeBrowsingBlockingPage::PopulateExtendedReportingOption( |
622 base::DictionaryValue* load_time_data) { | 590 base::DictionaryValue* load_time_data) { |
623 // Only show checkbox if !(HTTPS || incognito-mode). | 591 // Only show checkbox if !(HTTPS || incognito-mode). |
624 const bool show = CanShowMalwareDetailsOption(); | 592 const bool show = CanShowMalwareDetailsOption(); |
625 load_time_data->SetBoolean(kDisplayCheckBox, show); | 593 load_time_data->SetBoolean(kDisplayCheckBox, show); |
626 if (!show) | 594 if (!show) |
627 return; | 595 return; |
628 | 596 |
629 const std::string privacy_link = base::StringPrintf( | 597 const std::string privacy_link = base::StringPrintf( |
630 kPrivacyLinkHtml, | 598 kPrivacyLinkHtml, |
599 CMD_OPEN_REPORTING_PRIVACY, | |
631 l10n_util::GetStringUTF8( | 600 l10n_util::GetStringUTF8( |
632 IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); | 601 IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); |
633 load_time_data->SetString( | 602 load_time_data->SetString( |
634 "optInLink", | 603 "optInLink", |
635 l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE, | 604 l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_MALWARE_REPORTING_AGREE, |
636 base::UTF8ToUTF16(privacy_link))); | 605 base::UTF8ToUTF16(privacy_link))); |
637 load_time_data->SetBoolean( | 606 load_time_data->SetBoolean( |
638 kBoxChecked, | 607 kBoxChecked, |
639 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled)); | 608 IsPrefEnabled(prefs::kSafeBrowsingExtendedReportingEnabled)); |
640 } | 609 } |
702 load_time_data->SetString( | 671 load_time_data->SetString( |
703 "explanationParagraph", | 672 "explanationParagraph", |
704 l10n_util::GetStringFUTF16(IDS_PHISHING_V3_EXPLANATION_PARAGRAPH, | 673 l10n_util::GetStringFUTF16(IDS_PHISHING_V3_EXPLANATION_PARAGRAPH, |
705 GetFormattedHostName())); | 674 GetFormattedHostName())); |
706 load_time_data->SetString( | 675 load_time_data->SetString( |
707 "finalParagraph", | 676 "finalParagraph", |
708 l10n_util::GetStringUTF16(IDS_PHISHING_V3_PROCEED_PARAGRAPH)); | 677 l10n_util::GetStringUTF16(IDS_PHISHING_V3_PROCEED_PARAGRAPH)); |
709 | 678 |
710 PopulateExtendedReportingOption(load_time_data); | 679 PopulateExtendedReportingOption(load_time_data); |
711 } | 680 } |
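Review bot: In `CommandReceived` (new lines 216-218) the result of `base::StringToInt(page_cmd, &command)` is only checked by `DCHECK(retval)`, which is compiled out of release builds, so a message that is not a clean integer is still dispatched with whatever value ends up in `command`. The string arrives from the interstitial page, so it should be treated as untrusted and rejected before the comparisons: `if (!base::StringToInt(page_cmd, &command)) { NOTREACHED() << page_cmd; return; }`. Separately, new line 305 binds `unsafe_resources_[element_index]` before any of the remaining commands is matched, and the old `element_index >= unsafe_resources_.size()` guard was removed. If the vector is guaranteed non-empty by construction (not visible in this view), a `DCHECK(!unsafe_resources_.empty());` next to it would record that; otherwise keep an explicit emptiness check.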
OLD | NEW |