OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Implementation of the SafeBrowsingBlockingPage class. | 5 // Implementation of the SafeBrowsingBlockingPage class. |
6 | 6 |
7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 7 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 | 10 |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
62 "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=%s&clie nt=chromium"; | 62 "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=%s&clie nt=chromium"; |
63 #endif | 63 #endif |
64 | 64 |
65 // URL for malware and phishing, V2. | 65 // URL for malware and phishing, V2. |
66 const char kLearnMoreMalwareUrlV2[] = | 66 const char kLearnMoreMalwareUrlV2[] = |
67 "https://www.google.com/transparencyreport/safebrowsing/"; | 67 "https://www.google.com/transparencyreport/safebrowsing/"; |
68 const char kLearnMorePhishingUrlV2[] = | 68 const char kLearnMorePhishingUrlV2[] = |
69 "https://www.google.com/transparencyreport/safebrowsing/"; | 69 "https://www.google.com/transparencyreport/safebrowsing/"; |
70 | 70 |
71 const char kPrivacyLinkHtml[] = | 71 const char kPrivacyLinkHtml[] = |
72 "<a id=\"privacy-link\" href=\"\" onclick=\"sendCommand('showPrivacy'); " | 72 "<a id=\"privacy-link\" href=\"\" onclick=\"sendCommand(10); " |
meacer
2015/03/06 18:29:22
How about using |sendCommand(%d)| here and filling
felt
2015/03/07 04:02:39
Done.
| |
73 "return false;\" onmousedown=\"return false;\">%s</a>"; | 73 "return false;\" onmousedown=\"return false;\">%s</a>"; |
74 | 74 |
75 // After a malware interstitial where the user opted-in to the report | 75 // After a malware interstitial where the user opted-in to the report |
76 // but clicked "proceed anyway", we delay the call to | 76 // but clicked "proceed anyway", we delay the call to |
77 // MalwareDetails::FinishCollection() by this much time (in | 77 // MalwareDetails::FinishCollection() by this much time (in |
78 // milliseconds). | 78 // milliseconds). |
79 const int64 kMalwareDetailsProceedDelayMilliSeconds = 3000; | 79 const int64 kMalwareDetailsProceedDelayMilliSeconds = 3000; |
80 | 80 |
81 // The commands returned by the page when the user performs an action. | |
82 const char kDoReportCommand[] = "doReport"; | |
83 const char kDontReportCommand[] = "dontReport"; | |
84 const char kExpandedSeeMoreCommand[] = "expandedSeeMore"; | |
85 const char kLearnMoreCommand[] = "learnMore2"; | |
86 const char kProceedCommand[] = "proceed"; | |
87 const char kShowDiagnosticCommand[] = "showDiagnostic"; | |
88 const char kShowPrivacyCommand[] = "showPrivacy"; | |
89 const char kTakeMeBackCommand[] = "takeMeBack"; | |
90 | |
91 // Other constants used to communicate with the JavaScript. | 81 // Other constants used to communicate with the JavaScript. |
92 const char kBoxChecked[] = "boxchecked"; | 82 const char kBoxChecked[] = "boxchecked"; |
93 const char kDisplayCheckBox[] = "displaycheckbox"; | 83 const char kDisplayCheckBox[] = "displaycheckbox"; |
94 | 84 |
95 // Constants for the Experience Sampling instrumentation. | 85 // Constants for the Experience Sampling instrumentation. |
96 const char kEventNameMalware[] = "safebrowsing_interstitial_"; | 86 const char kEventNameMalware[] = "safebrowsing_interstitial_"; |
97 const char kEventNameHarmful[] = "harmful_interstitial_"; | 87 const char kEventNameHarmful[] = "harmful_interstitial_"; |
98 const char kEventNamePhishing[] = "phishing_interstitial_"; | 88 const char kEventNamePhishing[] = "phishing_interstitial_"; |
99 const char kEventNameOther[] = "safebrowsing_other_interstitial_"; | 89 const char kEventNameOther[] = "safebrowsing_other_interstitial_"; |
100 | 90 |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
209 } | 199 } |
210 | 200 |
211 bool SafeBrowsingBlockingPage::CanShowMalwareDetailsOption() { | 201 bool SafeBrowsingBlockingPage::CanShowMalwareDetailsOption() { |
212 return (!web_contents()->GetBrowserContext()->IsOffTheRecord() && | 202 return (!web_contents()->GetBrowserContext()->IsOffTheRecord() && |
213 web_contents()->GetURL().SchemeIs(url::kHttpScheme)); | 203 web_contents()->GetURL().SchemeIs(url::kHttpScheme)); |
214 } | 204 } |
215 | 205 |
216 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { | 206 SafeBrowsingBlockingPage::~SafeBrowsingBlockingPage() { |
217 } | 207 } |
218 | 208 |
219 void SafeBrowsingBlockingPage::CommandReceived(const std::string& cmd) { | 209 void SafeBrowsingBlockingPage::CommandReceived(const std::string& page_cmd) { |
220 std::string command(cmd); // Make a local copy so we can modify it. | 210 int command = 0; |
221 // The Jasonified response has quotes, remove them. | 211 bool retval = base::StringToInt(page_cmd, &command); |
222 if (command.length() > 1 && command[0] == '"') { | 212 DCHECK(retval); |
223 command = command.substr(1, command.length() - 2); | |
224 } | |
225 | 213 |
226 if (command == "pageLoadComplete") { | 214 if (command == CMD_DO_REPORT) { |
227 // content::WaitForRenderFrameReady sends this message when the page | |
228 // load completes. Ignore it. | |
229 return; | |
230 } | |
231 | |
232 if (command == kDoReportCommand) { | |
233 SetReportingPreference(true); | 215 SetReportingPreference(true); |
234 return; | 216 return; |
235 } | 217 } |
236 | 218 |
237 if (command == kDontReportCommand) { | 219 if (command == CMD_DONT_REPORT) { |
238 SetReportingPreference(false); | 220 SetReportingPreference(false); |
239 return; | 221 return; |
240 } | 222 } |
241 | 223 |
242 if (command == kLearnMoreCommand) { | 224 if (command == CMD_OPEN_HELP_CENTER) { |
243 // User pressed "Learn more". | 225 // User pressed "Learn more". |
244 metrics_helper_->RecordUserInteraction( | 226 metrics_helper_->RecordUserInteraction( |
245 SecurityInterstitialMetricsHelper::SHOW_LEARN_MORE); | 227 SecurityInterstitialMetricsHelper::SHOW_LEARN_MORE); |
246 GURL learn_more_url( | 228 GURL learn_more_url( |
247 interstitial_reason_ == SB_REASON_PHISHING ? | 229 interstitial_reason_ == SB_REASON_PHISHING ? |
248 kLearnMorePhishingUrlV2 : kLearnMoreMalwareUrlV2); | 230 kLearnMorePhishingUrlV2 : kLearnMoreMalwareUrlV2); |
249 learn_more_url = google_util::AppendGoogleLocaleParam( | 231 learn_more_url = google_util::AppendGoogleLocaleParam( |
250 learn_more_url, g_browser_process->GetApplicationLocale()); | 232 learn_more_url, g_browser_process->GetApplicationLocale()); |
251 OpenURLParams params(learn_more_url, | 233 OpenURLParams params(learn_more_url, |
252 Referrer(), | 234 Referrer(), |
253 CURRENT_TAB, | 235 CURRENT_TAB, |
254 ui::PAGE_TRANSITION_LINK, | 236 ui::PAGE_TRANSITION_LINK, |
255 false); | 237 false); |
256 web_contents()->OpenURL(params); | 238 web_contents()->OpenURL(params); |
257 return; | 239 return; |
258 } | 240 } |
259 | 241 |
260 if (command == kShowPrivacyCommand) { | 242 if (command == CMD_OPEN_REPORTING_PRIVACY) { |
261 // User pressed "Safe Browsing privacy policy". | 243 // User pressed "Safe Browsing privacy policy". |
262 metrics_helper_->RecordUserInteraction( | 244 metrics_helper_->RecordUserInteraction( |
263 SecurityInterstitialMetricsHelper::SHOW_PRIVACY_POLICY); | 245 SecurityInterstitialMetricsHelper::SHOW_PRIVACY_POLICY); |
264 GURL privacy_url( | 246 GURL privacy_url( |
265 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_URL)); | 247 l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_URL)); |
266 privacy_url = google_util::AppendGoogleLocaleParam( | 248 privacy_url = google_util::AppendGoogleLocaleParam( |
267 privacy_url, g_browser_process->GetApplicationLocale()); | 249 privacy_url, g_browser_process->GetApplicationLocale()); |
268 OpenURLParams params(privacy_url, | 250 OpenURLParams params(privacy_url, |
269 Referrer(), | 251 Referrer(), |
270 CURRENT_TAB, | 252 CURRENT_TAB, |
271 ui::PAGE_TRANSITION_LINK, | 253 ui::PAGE_TRANSITION_LINK, |
272 false); | 254 false); |
273 web_contents()->OpenURL(params); | 255 web_contents()->OpenURL(params); |
274 return; | 256 return; |
275 } | 257 } |
276 | 258 |
277 bool proceed_blocked = false; | 259 bool proceed_blocked = false; |
278 if (command == kProceedCommand) { | 260 if (command == CMD_PROCEED) { |
279 if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) { | 261 if (IsPrefEnabled(prefs::kSafeBrowsingProceedAnywayDisabled)) { |
280 proceed_blocked = true; | 262 proceed_blocked = true; |
281 } else { | 263 } else { |
282 metrics_helper_->RecordUserDecision( | 264 metrics_helper_->RecordUserDecision( |
283 SecurityInterstitialMetricsHelper::PROCEED); | 265 SecurityInterstitialMetricsHelper::PROCEED); |
284 interstitial_page()->Proceed(); | 266 interstitial_page()->Proceed(); |
285 // |this| has been deleted after Proceed() returns. | 267 // |this| has been deleted after Proceed() returns. |
286 return; | 268 return; |
287 } | 269 } |
288 } | 270 } |
289 | 271 |
290 if (command == kTakeMeBackCommand || proceed_blocked) { | 272 if (command == CMD_DONT_PROCEED || proceed_blocked) { |
291 // Don't record the user action here because there are other ways of | 273 // Don't record the user action here because there are other ways of |
292 // triggering DontProceed, like clicking the back button. | 274 // triggering DontProceed, like clicking the back button. |
293 if (is_main_frame_load_blocked_) { | 275 if (is_main_frame_load_blocked_) { |
294 // If the load is blocked, we want to close the interstitial and discard | 276 // If the load is blocked, we want to close the interstitial and discard |
295 // the pending entry. | 277 // the pending entry. |
296 interstitial_page()->DontProceed(); | 278 interstitial_page()->DontProceed(); |
297 // |this| has been deleted after DontProceed() returns. | 279 // |this| has been deleted after DontProceed() returns. |
298 return; | 280 return; |
299 } | 281 } |
300 | 282 |
301 // Otherwise the offending entry has committed, and we need to go back or | 283 // Otherwise the offending entry has committed, and we need to go back or |
302 // to a safe page. We will close the interstitial when that page commits. | 284 // to a safe page. We will close the interstitial when that page commits. |
303 if (web_contents()->GetController().CanGoBack()) { | 285 if (web_contents()->GetController().CanGoBack()) { |
304 web_contents()->GetController().GoBack(); | 286 web_contents()->GetController().GoBack(); |
305 } else { | 287 } else { |
306 web_contents()->GetController().LoadURL( | 288 web_contents()->GetController().LoadURL( |
307 GURL(chrome::kChromeUINewTabURL), | 289 GURL(chrome::kChromeUINewTabURL), |
308 content::Referrer(), | 290 content::Referrer(), |
309 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 291 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
310 std::string()); | 292 std::string()); |
311 } | 293 } |
312 return; | 294 return; |
313 } | 295 } |
314 | 296 |
315 // The "report error" and "show diagnostic" commands can have a number | 297 // TODO(felt): element_index will always be 0. See crbug.com/464732 |
316 // appended to them, which is the index of the element they apply to. | |
317 size_t element_index = 0; | 298 size_t element_index = 0; |
318 size_t colon_index = command.find(':'); | |
319 if (colon_index != std::string::npos) { | |
320 DCHECK(colon_index < command.size() - 1); | |
321 int result_int = 0; | |
322 bool result = base::StringToInt(base::StringPiece(command.begin() + | |
323 colon_index + 1, | |
324 command.end()), | |
325 &result_int); | |
326 command = command.substr(0, colon_index); | |
327 if (result) | |
328 element_index = static_cast<size_t>(result_int); | |
329 } | |
330 | |
331 if (element_index >= unsafe_resources_.size()) { | |
332 NOTREACHED(); | |
333 return; | |
334 } | |
335 | |
336 std::string bad_url_spec = unsafe_resources_[element_index].url.spec(); | 299 std::string bad_url_spec = unsafe_resources_[element_index].url.spec(); |
meacer
2015/03/06 18:29:22
While you are at it, could you have a reference to
felt
2015/03/07 04:02:39
Done.
meacer
2015/03/07 05:23:09
Why not |const UnsafeResource& unsafe_resource = .
felt
2015/03/07 05:50:04
Sure. Leaving the int as a separate definition bec
| |
337 if (command == kShowDiagnosticCommand) { | 300 if (command == CMD_OPEN_DIAGNOSTIC) { |
338 // We're going to take the user to Google's SafeBrowsing diagnostic page. | 301 // We're going to take the user to Google's SafeBrowsing diagnostic page. |
339 metrics_helper_->RecordUserInteraction( | 302 metrics_helper_->RecordUserInteraction( |
340 SecurityInterstitialMetricsHelper::SHOW_DIAGNOSTIC); | 303 SecurityInterstitialMetricsHelper::SHOW_DIAGNOSTIC); |
341 std::string diagnostic = | 304 std::string diagnostic = |
342 base::StringPrintf(kSbDiagnosticUrl, | 305 base::StringPrintf(kSbDiagnosticUrl, |
343 net::EscapeQueryParamValue(bad_url_spec, true).c_str()); | 306 net::EscapeQueryParamValue(bad_url_spec, true).c_str()); |
344 GURL diagnostic_url(diagnostic); | 307 GURL diagnostic_url(diagnostic); |
345 diagnostic_url = google_util::AppendGoogleLocaleParam( | 308 diagnostic_url = google_util::AppendGoogleLocaleParam( |
346 diagnostic_url, g_browser_process->GetApplicationLocale()); | 309 diagnostic_url, g_browser_process->GetApplicationLocale()); |
347 DCHECK(unsafe_resources_[element_index].threat_type == | 310 DCHECK(unsafe_resources_[element_index].threat_type == |
348 SB_THREAT_TYPE_URL_MALWARE || | 311 SB_THREAT_TYPE_URL_MALWARE || |
349 unsafe_resources_[element_index].threat_type == | 312 unsafe_resources_[element_index].threat_type == |
350 SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL || | 313 SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL || |
351 unsafe_resources_[element_index].threat_type == | 314 unsafe_resources_[element_index].threat_type == |
352 SB_THREAT_TYPE_URL_UNWANTED); | 315 SB_THREAT_TYPE_URL_UNWANTED); |
353 OpenURLParams params( | 316 OpenURLParams params( |
354 diagnostic_url, Referrer(), CURRENT_TAB, ui::PAGE_TRANSITION_LINK, | 317 diagnostic_url, Referrer(), CURRENT_TAB, ui::PAGE_TRANSITION_LINK, |
355 false); | 318 false); |
356 web_contents()->OpenURL(params); | 319 web_contents()->OpenURL(params); |
357 return; | 320 return; |
358 } | 321 } |
359 | 322 |
360 if (command == kExpandedSeeMoreCommand) { | 323 if (command == CMD_SHOW_MORE_SECTION) { |
361 metrics_helper_->RecordUserInteraction( | 324 metrics_helper_->RecordUserInteraction( |
362 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); | 325 SecurityInterstitialMetricsHelper::SHOW_ADVANCED); |
363 return; | 326 return; |
364 } | 327 } |
365 | 328 |
366 NOTREACHED() << "Unexpected command: " << command; | 329 NOTREACHED() << "Unexpected command: " << command; |
367 } | 330 } |
368 | 331 |
369 void SafeBrowsingBlockingPage::OverrideRendererPrefs( | 332 void SafeBrowsingBlockingPage::OverrideRendererPrefs( |
370 content::RendererPreferences* prefs) { | 333 content::RendererPreferences* prefs) { |
(...skipping 331 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
702 load_time_data->SetString( | 665 load_time_data->SetString( |
703 "explanationParagraph", | 666 "explanationParagraph", |
704 l10n_util::GetStringFUTF16(IDS_PHISHING_V3_EXPLANATION_PARAGRAPH, | 667 l10n_util::GetStringFUTF16(IDS_PHISHING_V3_EXPLANATION_PARAGRAPH, |
705 GetFormattedHostName())); | 668 GetFormattedHostName())); |
706 load_time_data->SetString( | 669 load_time_data->SetString( |
707 "finalParagraph", | 670 "finalParagraph", |
708 l10n_util::GetStringUTF16(IDS_PHISHING_V3_PROCEED_PARAGRAPH)); | 671 l10n_util::GetStringUTF16(IDS_PHISHING_V3_PROCEED_PARAGRAPH)); |
709 | 672 |
710 PopulateExtendedReportingOption(load_time_data); | 673 PopulateExtendedReportingOption(load_time_data); |
711 } | 674 } |
OLD | NEW |