Diffstat (limited to 'chromium/components/security_interstitials')
27 files changed, 372 insertions, 52 deletions
diff --git a/chromium/components/security_interstitials/content/BUILD.gn b/chromium/components/security_interstitials/content/BUILD.gn index 6bd779fa34a..dd19bf9033f 100644 --- a/chromium/components/security_interstitials/content/BUILD.gn +++ b/chromium/components/security_interstitials/content/BUILD.gn @@ -26,6 +26,10 @@ static_library("security_interstitial_page") { "connection_help_ui.h", "content_metrics_helper.cc", "content_metrics_helper.h", + "insecure_form_blocking_page.cc", + "insecure_form_blocking_page.h", + "insecure_form_navigation_throttle.cc", + "insecure_form_navigation_throttle.h", "known_interception_disclosure_ui.cc", "known_interception_disclosure_ui.h", "legacy_tls_blocking_page.cc", diff --git a/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc b/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc index 81df00dd1a4..f53cd6b7ea9 100644 --- a/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc +++ b/chromium/components/security_interstitials/content/captive_portal_blocking_page.cc @@ -184,6 +184,9 @@ void CaptivePortalBlockingPage::PopulateInterstitialStrings( } } load_time_data->SetString("primaryParagraph", paragraph); + load_time_data->SetString( + "optInLink", + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); // Explicitly specify other expected fields to empty. load_time_data->SetString("openDetails", ""); load_time_data->SetString("closeDetails", ""); diff --git a/chromium/components/security_interstitials/content/captive_portal_helper_android.cc b/chromium/components/security_interstitials/content/captive_portal_helper_android.cc index 5095d5e4f35..63f8f36bfbf 100644 --- a/chromium/components/security_interstitials/content/captive_portal_helper_android.cc +++ b/chromium/components/security_interstitials/content/captive_portal_helper_android.cc 
@@ -3,7 +3,6 @@ // found in the LICENSE file. #include "components/security_interstitials/content/captive_portal_helper_android.h" -#include "base/task/post_task.h" #include "components/security_interstitials/content/captive_portal_helper.h" #include "content/public/browser/browser_task_traits.h" @@ -27,8 +26,8 @@ void JNI_CaptivePortalHelper_SetCaptivePortalCertificateForTesting( const base::android::JavaParamRef<jstring>& jhash) { auto default_proto = SSLErrorAssistant::GetErrorAssistantProtoFromResourceBundle(); - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, - base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, std::move(default_proto))); const std::string hash = ConvertJavaStringToUTF8(env, jhash); @@ -37,16 +36,16 @@ void JNI_CaptivePortalHelper_SetCaptivePortalCertificateForTesting( config_proto->set_version_id(INT_MAX); config_proto->add_captive_portal_cert()->set_sha256_hash(hash); - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, - base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetErrorAssistantProto, std::move(config_proto))); } void JNI_CaptivePortalHelper_SetOSReportsCaptivePortalForTesting( JNIEnv* env, jboolean os_reports_captive_portal) { - base::PostTask( - FROM_HERE, {content::BrowserThread::UI}, + content::GetUIThreadTaskRunner({})->PostTask( + FROM_HERE, base::BindOnce(SSLErrorHandler::SetOSReportsCaptivePortalForTesting, os_reports_captive_portal)); } diff --git a/chromium/components/security_interstitials/content/cert_report_helper.cc b/chromium/components/security_interstitials/content/cert_report_helper.cc index 833a226972b..f8d655b1078 100644 --- a/chromium/components/security_interstitials/content/cert_report_helper.cc +++ b/chromium/components/security_interstitials/content/cert_report_helper.cc 
@@ -86,15 +86,9 @@ void CertReportHelper::PopulateExtendedReportingOption( security_interstitials::kBoxChecked, safe_browsing::IsExtendedReportingEnabled(*GetPrefs(web_contents_))); - const std::string privacy_link = base::StringPrintf( - security_interstitials::kPrivacyLinkHtml, - security_interstitials::CMD_OPEN_REPORTING_PRIVACY, - l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); - load_time_data->SetString( security_interstitials::kOptInLink, - l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE, - base::UTF8ToUTF16(privacy_link))); + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); } void CertReportHelper::SetSSLCertReporterForTesting( diff --git a/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc b/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc new file mode 100644 index 00000000000..4334a0f06cb --- /dev/null +++ b/chromium/components/security_interstitials/content/insecure_form_blocking_page.cc 
@@ -0,0 +1,110 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/security_interstitials/content/insecure_form_blocking_page.h"
+
+#include "base/notreached.h"
+#include "base/strings/string_number_conversions.h"
+#include "base/values.h"
+#include "components/security_interstitials/content/security_interstitial_controller_client.h"
+#include "components/strings/grit/components_strings.h"
+#include "ui/base/l10n/l10n_util.h"
+
+namespace security_interstitials {
+
+// static
+const SecurityInterstitialPage::TypeID
+ InsecureFormBlockingPage::kTypeForTesting =
+ &InsecureFormBlockingPage::kTypeForTesting;
+
+InsecureFormBlockingPage::InsecureFormBlockingPage(
+ content::WebContents* web_contents,
+ const GURL& request_url,
+ std::unique_ptr<SecurityInterstitialControllerClient> controller_client)
+ : SecurityInterstitialPage(web_contents,
+ request_url,
+ std::move(controller_client)) {}
+
+InsecureFormBlockingPage::~InsecureFormBlockingPage() = default;
+
+SecurityInterstitialPage::TypeID InsecureFormBlockingPage::GetTypeForTesting() {
+ return InsecureFormBlockingPage::kTypeForTesting;
+}
+
+bool InsecureFormBlockingPage::ShouldCreateNewNavigation() const {
+ return false;
+}
+
+void InsecureFormBlockingPage::CommandReceived(const std::string& command) {
+ if (command == "\"pageLoadComplete\"") {
+ // content::WaitForRenderFrameReady sends this message when the page
+ // load completes. Ignore it.
+ return;
+ }
+ int cmd = 0;
+ bool retval = base::StringToInt(command, &cmd);
+ DCHECK(retval);
+ switch (cmd) {
+ case security_interstitials::CMD_DONT_PROCEED:
+ controller()->GoBack();
+ break;
+ case security_interstitials::CMD_PROCEED:
+ controller()->Proceed();
+ break;
+ case security_interstitials::CMD_DO_REPORT:
+ case security_interstitials::CMD_DONT_REPORT:
+ case security_interstitials::CMD_SHOW_MORE_SECTION:
+ case security_interstitials::CMD_OPEN_DATE_SETTINGS:
+ case security_interstitials::CMD_OPEN_REPORTING_PRIVACY:
+ case security_interstitials::CMD_OPEN_WHITEPAPER:
+ case security_interstitials::CMD_OPEN_HELP_CENTER:
+ case security_interstitials::CMD_RELOAD:
+ case security_interstitials::CMD_OPEN_DIAGNOSTIC:
+ case security_interstitials::CMD_OPEN_LOGIN:
+ case security_interstitials::CMD_REPORT_PHISHING_ERROR:
+ // Not supported by the insecure form blocking page.
+ NOTREACHED() << "Unsupported command: " << command;
+ break;
+ case security_interstitials::CMD_ERROR:
+ case security_interstitials::CMD_TEXT_FOUND:
+ case security_interstitials::CMD_TEXT_NOT_FOUND:
+ // Commands are for testing.
+ break;
+ }
+}
+
+void InsecureFormBlockingPage::PopulateInterstitialStrings(
+ base::DictionaryValue* load_time_data) {
+ PopulateValuesForSharedHTML(load_time_data);
+
+ load_time_data->SetString("tabTitle",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_TITLE));
+ load_time_data->SetString(
+ "heading", l10n_util::GetStringUTF16(IDS_INSECURE_FORM_HEADING));
+ load_time_data->SetString(
+ "primaryParagraph",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_PRIMARY_PARAGRAPH));
+ load_time_data->SetString(
+ "proceedButtonText",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_SUBMIT_BUTTON));
+ load_time_data->SetString(
+ "primaryButtonText",
+ l10n_util::GetStringUTF16(IDS_INSECURE_FORM_BACK_BUTTON));
+ load_time_data->SetString(
+ "optInLink",
+ l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE));
+}
+
+void InsecureFormBlockingPage::PopulateValuesForSharedHTML(
+ base::DictionaryValue* load_time_data) {
+ load_time_data->SetString("type", "INSECURE_FORM");
+ load_time_data->SetBoolean("overridable", false);
+ load_time_data->SetBoolean("hide_primary_button", false);
+ load_time_data->SetBoolean("show_recurrent_error_paragraph", false);
+ load_time_data->SetString("recurrentErrorParagraph", "");
+ load_time_data->SetString("openDetails", "");
+ load_time_data->SetString("explanationParagraph", "");
+ load_time_data->SetString("finalParagraph", "");
+}
+} // namespace security_interstitials
diff --git a/chromium/components/security_interstitials/content/insecure_form_blocking_page.h b/chromium/components/security_interstitials/content/insecure_form_blocking_page.h
new file mode 100644
index 00000000000..e390ce5b912
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_blocking_page.h
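Review bot: In `InsecureFormBlockingPage::CommandReceived` the result of `base::StringToInt` is checked only with `DCHECK(retval)`, which compiles out of release builds, so a non-numeric message would still reach the `switch` with whatever value is left in `cmd` (it starts at 0, and this diff does not show which command 0 is). The command string arrives from the interstitial's renderer, so I would fail closed instead: `if (!base::StringToInt(command, &cmd)) return;`. The `switch` also has no `default:`, so an integer outside the listed commands is silently ignored; a one-line comment such as `// Unknown command ids are dropped on purpose.` would make that intent explicit.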
@@ -0,0 +1,43 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
+#define COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
+
+#include "components/security_interstitials/content/security_interstitial_page.h"
+
+namespace security_interstitials {
+class SecurityInterstitialControllerClient;
+
+// Interstitial page object used for warnings shown when a form embedded on a
+// secure (HTTPS) page is submitted over HTTP.
+class InsecureFormBlockingPage : public SecurityInterstitialPage {
+ public:
+ InsecureFormBlockingPage(
+ content::WebContents* web_contents,
+ const GURL& request_url,
+ std::unique_ptr<SecurityInterstitialControllerClient> controller_client);
+
+ static const SecurityInterstitialPage::TypeID kTypeForTesting;
+ ~InsecureFormBlockingPage() override;
+
+ // SecurityInterstitialPage::
+ void OnInterstitialClosing() override {}
+ SecurityInterstitialPage::TypeID GetTypeForTesting() override;
+
+ protected:
+ // SecurityInterstitialPage::
+ void CommandReceived(const std::string& command) override;
+ bool ShouldCreateNewNavigation() const override;
+ void PopulateInterstitialStrings(
+ base::DictionaryValue* load_time_data) override;
+
+ private:
+ // Adds values required for shared interstitial HTML to |load_time_data|.
+ void PopulateValuesForSharedHTML(base::DictionaryValue* load_time_data);
+};
+
+} // namespace security_interstitials
+
+#endif // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_BLOCKING_PAGE_H_
diff --git a/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc
new file mode 100644
index 00000000000..0ca198d72d5
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.cc 
@@ -0,0 +1,79 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/security_interstitials/content/insecure_form_navigation_throttle.h"
+
+#include "base/feature_list.h"
+#include "components/security_interstitials/content/insecure_form_blocking_page.h"
+#include "components/security_interstitials/content/security_interstitial_tab_helper.h"
+#include "components/security_interstitials/core/features.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/web_contents.h"
+#include "services/network/public/cpp/is_potentially_trustworthy.h"
+#include "url/origin.h"
+#include "url/url_constants.h"
+
+namespace {
+bool IsInsecureFormAction(const GURL& action_url) {
+ if (action_url.SchemeIs(url::kBlobScheme) ||
+ action_url.SchemeIs(url::kFileSystemScheme))
+ return false;
+ return !network::IsOriginPotentiallyTrustworthy(
+ url::Origin::Create(action_url));
+}
+} // namespace
+
+namespace security_interstitials {
+
+InsecureFormNavigationThrottle::InsecureFormNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory)
+ : content::NavigationThrottle(navigation_handle),
+ blocking_page_factory_(std::move(blocking_page_factory)) {}
+
+InsecureFormNavigationThrottle::~InsecureFormNavigationThrottle() = default;
+
+content::NavigationThrottle::ThrottleCheckResult
+InsecureFormNavigationThrottle::WillStartRequest() {
+ content::NavigationHandle* handle = navigation_handle();
+ if (!handle->IsFormSubmission())
+ return content::NavigationThrottle::PROCEED;
+ content::WebContents* contents = handle->GetWebContents();
+ if (!IsInsecureFormAction(handle->GetURL()) ||
+ !contents->GetLastCommittedURL().SchemeIs(url::kHttpsScheme)) {
+ // Currently we only warn for insecure forms in secure pages.
+ return content::NavigationThrottle::PROCEED;
+ }
+
+ std::unique_ptr<InsecureFormBlockingPage> blocking_page =
+ blocking_page_factory_->CreateInsecureFormBlockingPage(contents,
+ handle->GetURL());
+ std::string interstitial_html = blocking_page->GetHTMLContents();
+ SecurityInterstitialTabHelper::AssociateBlockingPage(
+ contents, handle->GetNavigationId(), std::move(blocking_page));
+ return content::NavigationThrottle::ThrottleCheckResult(
+ CANCEL, net::ERR_BLOCKED_BY_CLIENT, interstitial_html);
+}
+
+content::NavigationThrottle::ThrottleCheckResult
+InsecureFormNavigationThrottle::WillRedirectRequest() {
+ return WillStartRequest();
+}
+
+const char* InsecureFormNavigationThrottle::GetNameForLogging() {
+ return "InsecureFormNavigationThrottle";
+}
+
+// static
+std::unique_ptr<InsecureFormNavigationThrottle>
+InsecureFormNavigationThrottle::MaybeCreateNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory) {
+ if (!base::FeatureList::IsEnabled(kInsecureFormSubmissionInterstitial))
+ return nullptr;
+ return std::make_unique<InsecureFormNavigationThrottle>(
+ navigation_handle, std::move(blocking_page_factory));
+}
+
+} // namespace security_interstitials
diff --git a/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h
new file mode 100644
index 00000000000..19178a5eeb1
--- /dev/null
+++ b/chromium/components/security_interstitials/content/insecure_form_navigation_throttle.h
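Review bot: `WillStartRequest` decides whether the form came from a secure page with `contents->GetLastCommittedURL().SchemeIs(url::kHttpsScheme)`, which is the tab's main-frame URL rather than the document that submitted the form. A form inside an HTTPS iframe on an HTTP top-level page would therefore skip the warning, and the check is not limited to main-frame navigations, so it is worth confirming how a subframe submission should be handled. Consider keying the decision on the navigation's initiator instead, e.g. comparing the scheme of `handle->GetInitiatorOrigin()` with `url::kHttpsScheme`. Separately, `net::ERR_BLOCKED_BY_CLIENT` is used without a visible include of `net/base/net_errors.h`.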
@@ -0,0 +1,40 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
+#define COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
+
+#include "components/security_interstitials/content/security_blocking_page_factory.h"
+#include "content/public/browser/navigation_throttle.h"
+
+namespace content {
+class NavigationHandle;
+} // namespace content
+
+namespace security_interstitials {
+
+class InsecureFormNavigationThrottle : public content::NavigationThrottle {
+ public:
+ InsecureFormNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory);
+ ~InsecureFormNavigationThrottle() override;
+
+ // content::NavigationThrottle:
+ ThrottleCheckResult WillStartRequest() override;
+ ThrottleCheckResult WillRedirectRequest() override;
+ const char* GetNameForLogging() override;
+
+ static std::unique_ptr<InsecureFormNavigationThrottle>
+ MaybeCreateNavigationThrottle(
+ content::NavigationHandle* navigation_handle,
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory);
+
+ private:
+ std::unique_ptr<SecurityBlockingPageFactory> blocking_page_factory_;
+};
+
+} // namespace security_interstitials
+
+#endif // COMPONENTS_SECURITY_INTERSTITIALS_CONTENT_INSECURE_FORM_NAVIGATION_THROTTLE_H_
diff --git a/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc b/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
index 011f1422707..2d1e123b1be 100644
--- a/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
+++ b/chromium/components/security_interstitials/content/origin_policy_interstitial_page.cc
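Review bot: `InsecureFormNavigationThrottle` is declared without a class comment, so a reader has to open the .cc file to learn which navigations it cancels. Suggest `// Cancels form submissions from HTTPS pages to insecure action URLs and shows an InsecureFormBlockingPage instead.` above the class, and `// Returns nullptr when kInsecureFormSubmissionInterstitial is disabled.` above `MaybeCreateNavigationThrottle`. The header also names `std::unique_ptr` without a visible `#include <memory>`.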
@@ -71,6 +71,7 @@ void OriginPolicyInterstitialPage::PopulateInterstitialStrings( {"finalParagraph", IDS_ORIGIN_POLICY_FINAL_PARAGRAPH}, {"heading", IDS_ORIGIN_POLICY_HEADING}, {"openDetails", IDS_ORIGIN_POLICY_DETAILS}, + {"optInLink", IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE}, {"primaryButtonText", IDS_ORIGIN_POLICY_BUTTON}, {"primaryParagraph", IDS_ORIGIN_POLICY_INFO}, {"recurrentErrorParagraph", IDS_ORIGIN_POLICY_INFO2}, diff --git a/chromium/components/security_interstitials/content/security_blocking_page_factory.h b/chromium/components/security_interstitials/content/security_blocking_page_factory.h index 6a09ce9e547..ad3720a6c56 100644 --- a/chromium/components/security_interstitials/content/security_blocking_page_factory.h +++ b/chromium/components/security_interstitials/content/security_blocking_page_factory.h @@ -12,6 +12,7 @@ #include "components/security_interstitials/content/bad_clock_blocking_page.h" #include "components/security_interstitials/content/blocked_interception_blocking_page.h" #include "components/security_interstitials/content/captive_portal_blocking_page.h" +#include "components/security_interstitials/content/insecure_form_blocking_page.h" #include "components/security_interstitials/content/legacy_tls_blocking_page.h" #include "components/security_interstitials/content/mitm_software_blocking_page.h" #include "components/security_interstitials/content/ssl_blocking_page.h" @@ -83,6 +84,10 @@ class SecurityBlockingPageFactory { std::unique_ptr<SSLCertReporter> ssl_cert_reporter, const net::SSLInfo& ssl_info) = 0; + virtual std::unique_ptr<security_interstitials::InsecureFormBlockingPage> + CreateInsecureFormBlockingPage(content::WebContents* web_contents, + const GURL& request_url) = 0; + private: DISALLOW_COPY_AND_ASSIGN(SecurityBlockingPageFactory); }; 
diff --git a/chromium/components/security_interstitials/content/security_interstitial_page.cc b/chromium/components/security_interstitials/content/security_interstitial_page.cc index ecf7853ab1e..2cdcfd57d93 100644 --- a/chromium/components/security_interstitials/content/security_interstitial_page.cc +++ b/chromium/components/security_interstitials/content/security_interstitial_page.cc @@ -85,14 +85,6 @@ SecurityInterstitialControllerClient* SecurityInterstitialPage::controller() return controller_.get(); } -void SecurityInterstitialPage::UpdateMetricsAfterSecurityInterstitial() { - if (controller_->GetPrefService()) { - safe_browsing::UpdateMetricsAfterSecurityInterstitial( - *controller_->GetPrefService(), on_show_extended_reporting_pref_exists_, - on_show_extended_reporting_pref_value_); - } -} - void SecurityInterstitialPage::SetUpMetrics() { // Remember the initial state of the extended reporting pref, to be compared // to the same data when the interstitial is closed. diff --git a/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc b/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc index c5691b85a0c..6e97fdf7d8d 100644 --- a/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc +++ b/chromium/components/security_interstitials/content/ssl_blocking_page_base.cc @@ -36,7 +36,6 @@ SSLBlockingPageBase::SSLBlockingPageBase( SSLBlockingPageBase::~SSLBlockingPageBase() = default; void SSLBlockingPageBase::OnInterstitialClosing() { - UpdateMetricsAfterSecurityInterstitial(); cert_report_helper_->FinishCertCollection(); } diff --git a/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc b/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc index 9abf785ba23..65e26fd08db 100644 --- a/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc 
+++ b/chromium/components/security_interstitials/content/ssl_error_handler_unittest.cc @@ -11,7 +11,6 @@ #include "base/macros.h" #include "base/metrics/field_trial.h" #include "base/run_loop.h" -#include "base/task/post_task.h" #include "base/test/metrics/histogram_tester.h" #include "base/test/scoped_feature_list.h" #include "base/test/simple_test_clock.h" @@ -126,7 +125,7 @@ const char kCertWithoutOrganizationOrCommonName[] = std::unique_ptr<net::test_server::HttpResponse> WaitForRequest( const base::Closure& quit_closure, const net::test_server::HttpRequest& request) { - base::PostTask(FROM_HERE, {content::BrowserThread::UI}, quit_closure); + content::GetUIThreadTaskRunner({})->PostTask(FROM_HERE, quit_closure); return std::make_unique<net::test_server::HungResponse>(); } @@ -645,8 +644,8 @@ class SSLErrorHandlerDateInvalidTest base::RunLoop run_loop; std::unique_ptr<network::PendingSharedURLLoaderFactory> pending_url_loader_factory; - base::PostTaskAndReply( - FROM_HERE, {content::BrowserThread::IO}, + content::GetIOThreadTaskRunner({})->PostTaskAndReply( + FROM_HERE, base::BindOnce(CreateURLLoaderFactory, &pending_url_loader_factory), run_loop.QuitClosure()); run_loop.Run(); diff --git a/chromium/components/security_interstitials/core/browser/resources/extended_reporting.js b/chromium/components/security_interstitials/core/browser/resources/extended_reporting.js index 20d9add69b4..0e3e00ba1db 100644 --- a/chromium/components/security_interstitials/core/browser/resources/extended_reporting.js +++ b/chromium/components/security_interstitials/core/browser/resources/extended_reporting.js 
@@ -22,7 +22,15 @@ function setupExtendedReportingCheckbox() { return; } - $('opt-in-label').innerHTML = loadTimeData.getString('optInLink'); + if ($('privacy-link')) { + $('privacy-link').addEventListener('click', function() { + sendCommand(SecurityInterstitialCommandId.CMD_OPEN_REPORTING_PRIVACY); + return false; + }); + $('privacy-link').addEventListener('mousedown', function() { + return false; + }); + } $('opt-in-checkbox').checked = loadTimeData.getBoolean(SB_BOX_CHECKED); $('extended-reporting-opt-in').classList.remove('hidden'); diff --git a/chromium/components/security_interstitials/core/browser/resources/interstitial_insecureform.css b/chromium/components/security_interstitials/core/browser/resources/interstitial_insecureform.css new file mode 100644 index 00000000000..9dd208190b1 --- /dev/null +++ b/chromium/components/security_interstitials/core/browser/resources/interstitial_insecureform.css @@ -0,0 +1,20 @@ +/* Copyright 2020 The Chromium Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. */ + +.insecure-form #main-content a { + color: var(--google-blue-700); + text-decoration: none; +} + +.insecure-form .icon { + background-image: -webkit-image-set( + url(images/1x/info.png) 1x, + url(images/2x/info.png) 2x); +} + +@media (prefers-color-scheme: dark) { + .insecure-form .icon { + filter: invert(1); + } +} diff --git a/chromium/components/security_interstitials/core/browser/resources/interstitial_large.html b/chromium/components/security_interstitials/core/browser/resources/interstitial_large.html index 62ee7c467fa..94eb9f2ac7b 100644 --- a/chromium/components/security_interstitials/core/browser/resources/interstitial_large.html +++ b/chromium/components/security_interstitials/core/browser/resources/interstitial_large.html 
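Review bot: The new `privacy-link` listeners in extended_reporting.js end in `return false;`, which has no effect in a handler registered with `addEventListener`; only the inline `onclick="…; return false;"` form (the one this commit removes with `kPrivacyLinkHtml`) cancelled the default action that way. If the anchor supplied by the localized string keeps `href="#"` (the string resource is not visible in this diff), a click would now also navigate the interstitial to `#`. Take the event and cancel it explicitly, e.g. `function(e) { e.preventDefault(); sendCommand(SecurityInterstitialCommandId.CMD_OPEN_REPORTING_PRIVACY); }`, and use `e.preventDefault()` in the `mousedown` handler as well. `setupExtendedReportingCheckbox` starts and ends outside the hunk.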
@@ -10,6 +10,7 @@ <link rel="stylesheet" href="../../common/resources/interstitial_common.css"> <link rel="stylesheet" href="interstitial_badclock.css"> <link rel="stylesheet" href="interstitial_captiveportal.css"> + <link rel="stylesheet" href="interstitial_insecureform.css"> <link rel="stylesheet" href="interstitial_lookalikeurl.css"> <link rel="stylesheet" href="interstitial_safebrowsing.css"> <link rel="stylesheet" href="interstitial_ssl.css"> @@ -42,7 +43,7 @@ <input type="checkbox" id="opt-in-checkbox"> <span class="checkbox"></span> </div> - <span id="opt-in-label"></span> + <span id="opt-in-label">$i18nRaw{optInLink}</span> </label> </div> </div> diff --git a/chromium/components/security_interstitials/core/browser/resources/interstitial_large.js b/chromium/components/security_interstitials/core/browser/resources/interstitial_large.js index 2f7e43f0513..b234965c519 100644 --- a/chromium/components/security_interstitials/core/browser/resources/interstitial_large.js +++ b/chromium/components/security_interstitials/core/browser/resources/interstitial_large.js @@ -74,6 +74,7 @@ function setupEvents() { const originPolicy = interstitialType === 'ORIGIN_POLICY'; const blockedInterception = interstitialType === 'BLOCKED_INTERCEPTION'; const legacyTls = interstitialType == 'LEGACY_TLS'; + const insecureForm = interstitialType == 'INSECURE_FORM'; const hidePrimaryButton = loadTimeData.getBoolean('hide_primary_button'); const showRecurrentErrorParagraph = loadTimeData.getBoolean( 'show_recurrent_error_paragraph'); @@ -88,6 +89,8 @@ function setupEvents() { $('body').classList.add('safe-browsing-billing'); } else if (lookalike) { $('body').classList.add('lookalike-url'); + } else if (insecureForm) { + $('body').classList.add('insecure-form'); } else { $('body').classList.add('safe-browsing'); // Override the default theme color. 
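Review bot: In interstitial_large.html, `<span id="opt-in-label">$i18nRaw{optInLink}</span>` substitutes the string without HTML escaping, so `optInLink` becomes trusted markup on every page built from this template. Every setter visible in this commit passes `l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)`, a static resource, so nothing request-derived reaches it today; the risk is a later caller formatting a URL or hostname into the value. I would record the constraint next to the span: `<!-- optInLink is inserted unescaped; it must stay a static resource string with no request-derived data. -->`.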
@@ -125,7 +128,7 @@ function setupEvents() { case 'ORIGIN_POLICY': sendCommand(SecurityInterstitialCommandId.CMD_DONT_PROCEED); break; - + case 'INSECURE_FORM': case 'LOOKALIKE': sendCommand(SecurityInterstitialCommandId.CMD_DONT_PROCEED); break; @@ -136,20 +139,24 @@ function setupEvents() { }); } - if (lookalike) { + if (lookalike || insecureForm) { const proceedButton = 'proceed-button'; - const dontProceedLink = 'dont-proceed-link'; $(proceedButton).classList.remove(HIDDEN_CLASS); - $(proceedButton).textContent = loadTimeData.getString('proceedButtonText'); - $(proceedButton).addEventListener('click', function(event) { sendCommand(SecurityInterstitialCommandId.CMD_PROCEED); }); - - $(dontProceedLink).addEventListener('click', function(event) { - sendCommand(SecurityInterstitialCommandId.CMD_DONT_PROCEED); - }); + } + if (lookalike) { + // Lookalike interstitials with a suggested URL have a link in the title: + // "Did you mean <link>example.com</link>?". Handle those clicks. Lookalike + // interstitails without a suggested URL don't have this link. + const dontProceedLink = 'dont-proceed-link'; + if ($(dontProceedLink)) { + $(dontProceedLink).addEventListener('click', function(event) { + sendCommand(SecurityInterstitialCommandId.CMD_DONT_PROCEED); + }); + } } if (overridable) { @@ -189,8 +196,9 @@ function setupEvents() { }); } - if (captivePortal || billing || lookalike) { - // Captive portal, billing and lookalike pages don't have details buttons. + if (captivePortal || billing || lookalike || insecureForm) { + // Captive portal, billing, lookalike pages, and insecure form + // interstitials don't have details buttons. $('details-button').classList.add('hidden'); } else { $('details-button').addEventListener('click', function(event) { 
diff --git a/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.html b/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.html index 64cc0d25933..bf2f7122ac9 100644 --- a/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.html +++ b/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.html @@ -14,7 +14,7 @@ <body id="body"> <div class="interstitial-wrapper"> <div id="main-content"> - <div class="icon"></div> + <div id="icon" class="icon"></div> <div id="main-message"> <h1> <span>$i18n{heading}</span> diff --git a/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.js b/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.js index ada0988a0ec..262c5fec4e8 100644 --- a/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.js +++ b/chromium/components/security_interstitials/core/browser/resources/interstitial_webview_quiet.js @@ -15,6 +15,9 @@ function onResize() { if (window.matchMedia(mediaQuery).matches) { const hiddenDetails = $('details').classList.add(HIDDEN_CLASS); $('main-content').classList.remove(HIDDEN_CLASS); + $('icon').setAttribute('aria-label', loadTimeData.getString('heading')); + } else { + $('icon').removeAttribute('aria-label'); } } diff --git a/chromium/components/security_interstitials/core/browser/resources/list_of_interstitials.html b/chromium/components/security_interstitials/core/browser/resources/list_of_interstitials.html index 81ffdfbed69..9fb6c7da878 100644 --- a/chromium/components/security_interstitials/core/browser/resources/list_of_interstitials.html +++ b/chromium/components/security_interstitials/core/browser/resources/list_of_interstitials.html 
@@ -132,6 +132,15 @@ <li> <a href="lookalike">Lookalike URL</a> </li> + <li> + <a href="lookalike?no-safe-url=1">Lookalike URL (no suggested URL)</a> + </li> + </ul> + <h3>Insecure (Mixed) Form Submission Warnings</h3> + <ul> + <li> + <a href="insecure_form">Insecure Form</a> + </li> </ul> </body> </html> diff --git a/chromium/components/security_interstitials/core/common/resources/interstitial_common.css b/chromium/components/security_interstitials/core/common/resources/interstitial_common.css index 0ca3c2ba003..320abf146b0 100644 --- a/chromium/components/security_interstitials/core/common/resources/interstitial_common.css +++ b/chromium/components/security_interstitials/core/common/resources/interstitial_common.css @@ -22,6 +22,7 @@ button { .bad-clock button, .captive-portal button, +.insecure-form button, .lookalike-url button, .main-frame-blocked button, .neterror button, diff --git a/chromium/components/security_interstitials/core/common_string_util.cc b/chromium/components/security_interstitials/core/common_string_util.cc index 39958cbb0ae..13a9d34ac31 100644 --- a/chromium/components/security_interstitials/core/common_string_util.cc +++ b/chromium/components/security_interstitials/core/common_string_util.cc @@ -37,6 +37,9 @@ void PopulateSSLLayoutStrings(int cert_error, // interstitials as needed. load_time_data->SetString("recurrentErrorParagraph", ""); load_time_data->SetBoolean("show_recurrent_error_paragraph", false); + load_time_data->SetString( + "optInLink", + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); } void PopulateSSLDebuggingStrings(const net::SSLInfo ssl_info, diff --git a/chromium/components/security_interstitials/core/controller_client.cc b/chromium/components/security_interstitials/core/controller_client.cc index 020103c9d29..83da30b0bb8 100644 --- a/chromium/components/security_interstitials/core/controller_client.cc +++ b/chromium/components/security_interstitials/core/controller_client.cc 
@@ -18,9 +18,6 @@ namespace security_interstitials { const char kBoxChecked[] = "boxchecked"; const char kDisplayCheckBox[] = "displaycheckbox"; const char kOptInLink[] = "optInLink"; -const char kPrivacyLinkHtml[] = - "<a id=\"privacy-link\" href=\"#\" onclick=\"sendCommand(%d); " - "return false;\" onmousedown=\"return false;\">%s</a>"; const char kHelpCenterUrl[] = "https://support.google.com/chrome/"; ControllerClient::ControllerClient( diff --git a/chromium/components/security_interstitials/core/features.cc b/chromium/components/security_interstitials/core/features.cc index 7070e8fb9f1..40c094adfce 100644 --- a/chromium/components/security_interstitials/core/features.cc +++ b/chromium/components/security_interstitials/core/features.cc @@ -6,4 +6,7 @@ namespace security_interstitials { +const base::Feature kInsecureFormSubmissionInterstitial{ + "InsecureFormSubmissionInterstitial", base::FEATURE_DISABLED_BY_DEFAULT}; + } // namespace security_interstitials diff --git a/chromium/components/security_interstitials/core/features.h b/chromium/components/security_interstitials/core/features.h index 32c70456169..5fb64f46459 100644 --- a/chromium/components/security_interstitials/core/features.h +++ b/chromium/components/security_interstitials/core/features.h @@ -9,6 +9,9 @@ namespace security_interstitials { +// Controls whether an interstitial is shown when submitting a mixed form. +extern const base::Feature kInsecureFormSubmissionInterstitial; + } // namespace security_interstitials #endif // COMPONENTS_SECURITY_INTERSTITIALS_CORE_FEATURES_H_ diff --git a/chromium/components/security_interstitials/core/safe_browsing_loud_error_ui.cc b/chromium/components/security_interstitials/core/safe_browsing_loud_error_ui.cc index 88557c3b9a0..a375f46bc92 100644 --- a/chromium/components/security_interstitials/core/safe_browsing_loud_error_ui.cc +++ b/chromium/components/security_interstitials/core/safe_browsing_loud_error_ui.cc 
@@ -83,6 +83,9 @@ void SafeBrowsingLoudErrorUI::PopulateStringsForHtml( "primaryButtonText", l10n_util::GetStringUTF16(IDS_SAFEBROWSING_OVERRIDABLE_SAFETY_BUTTON)); load_time_data->SetBoolean("overridable", !is_proceed_anyway_disabled()); + load_time_data->SetString( + security_interstitials::kOptInLink, + l10n_util::GetStringUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE)); if (always_show_back_to_safety()) { load_time_data->SetBoolean("hide_primary_button", false); @@ -305,14 +308,6 @@ void SafeBrowsingLoudErrorUI::PopulateExtendedReportingOption( return; } - const std::string privacy_link = base::StringPrintf( - security_interstitials::kPrivacyLinkHtml, - security_interstitials::CMD_OPEN_REPORTING_PRIVACY, - l10n_util::GetStringUTF8(IDS_SAFE_BROWSING_PRIVACY_POLICY_PAGE).c_str()); - load_time_data->SetString( - security_interstitials::kOptInLink, - l10n_util::GetStringFUTF16(IDS_SAFE_BROWSING_SCOUT_REPORTING_AGREE, - base::UTF8ToUTF16(privacy_link))); load_time_data->SetBoolean(security_interstitials::kBoxChecked, is_extended_reporting_enabled()); } diff --git a/chromium/components/security_interstitials/core/ssl_error_options_mask.cc b/chromium/components/security_interstitials/core/ssl_error_options_mask.cc index 15bd825babe..bf4eb08b29c 100644 --- a/chromium/components/security_interstitials/core/ssl_error_options_mask.cc +++ b/chromium/components/security_interstitials/core/ssl_error_options_mask.cc @@ -4,6 +4,7 @@ #include "components/security_interstitials/core/ssl_error_options_mask.h" +#include "base/notreached.h" #include "net/base/net_errors.h" namespace security_interstitials { |