tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

BlockedSiteChild.sys.mjs (5409B)

      1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 const lazy = {};
      7 
      8 ChromeUtils.defineESModuleGetters(lazy, {
      9  SafeBrowsing: "resource://gre/modules/SafeBrowsing.sys.mjs",
     10 });
     11 
     12 function getSiteBlockedErrorDetails(docShell) {
     13  let blockedInfo = {};
     14  if (docShell.failedChannel) {
     15    let classifiedChannel = docShell.failedChannel.QueryInterface(
     16      Ci.nsIClassifiedChannel
     17    );
     18    if (classifiedChannel) {
     19      let httpChannel = docShell.failedChannel.QueryInterface(
     20        Ci.nsIHttpChannel
     21      );
     22 
     23      let reportUri = httpChannel.URI;
     24 
     25      // Remove the query to avoid leaking sensitive data
     26      if (reportUri instanceof Ci.nsIURL) {
     27        reportUri = reportUri.mutate().setQuery("").finalize();
     28      }
     29 
     30      let triggeringPrincipal = docShell.failedChannel.loadInfo
     31        ? docShell.failedChannel.loadInfo.triggeringPrincipal
     32        : null;
     33      blockedInfo = {
     34        list: classifiedChannel.matchedList,
     35        triggeringPrincipal,
     36        provider: classifiedChannel.matchedProvider,
     37        uri: reportUri.asciiSpec,
     38      };
     39    }
     40  }
     41  return blockedInfo;
     42 }
     43 
     44 export class BlockedSiteChild extends JSWindowActorChild {
     45  receiveMessage(msg) {
     46    if (msg.name == "DeceptiveBlockedDetails") {
     47      return getSiteBlockedErrorDetails(this.docShell);
     48    }
     49    return null;
     50  }
     51 
     52  handleEvent(event) {
     53    if (event.type == "AboutBlockedLoaded") {
     54      this.onAboutBlockedLoaded(event);
     55    } else if (event.type == "click" && event.button == 0) {
     56      this.onClick(event);
     57    }
     58  }
     59 
     60  onAboutBlockedLoaded(aEvent) {
     61    let content = aEvent.target.ownerGlobal;
     62 
     63    let blockedInfo = getSiteBlockedErrorDetails(this.docShell);
     64    let provider = blockedInfo.provider || "";
     65 
     66    let doc = content.document;
     67 
     68    /**
     69     * Set error description link in error details.
     70     * For example, the "reported as a deceptive site" link for
     71     * blocked phishing pages.
     72     */
     73    let desc = Services.prefs.getCharPref(
     74      "browser.safebrowsing.provider." + provider + ".reportURL",
     75      ""
     76    );
     77    if (desc) {
     78      doc
     79        .getElementById("error_desc_link")
     80        .setAttribute("href", desc + encodeURIComponent(aEvent.detail.url));
     81    }
     82 
     83    // Set other links in error details.
     84    switch (aEvent.detail.err) {
     85      case "malware":
     86        doc
     87          .getElementById("report_detection")
     88          .setAttribute(
     89            "href",
     90            lazy.SafeBrowsing.getReportURL("MalwareMistake", blockedInfo)
     91          );
     92        break;
     93      case "unwanted":
     94        doc
     95          .getElementById("learn_more_link")
     96          .setAttribute(
     97            "href",
     98            "https://www.google.com/about/unwanted-software-policy.html"
     99          );
    100        break;
    101      case "phishing":
    102        doc
    103          .getElementById("report_detection")
    104          .setAttribute(
    105            "href",
    106            lazy.SafeBrowsing.getReportURL("PhishMistake", blockedInfo) ||
    107              "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla"
    108          );
    109        doc
    110          .getElementById("learn_more_link")
    111          .setAttribute("href", "https://www.antiphishing.org//");
    112        break;
    113    }
    114 
    115    // Set the firefox support url.
    116    doc
    117      .getElementById("firefox_support")
    118      .setAttribute(
    119        "href",
    120        Services.urlFormatter.formatURLPref("app.support.baseURL") +
    121          "phishing-malware"
    122      );
    123 
    124    // Show safe browsing details on load if the pref is set to true.
    125    let showDetails = Services.prefs.getBoolPref(
    126      "browser.xul.error_pages.show_safe_browsing_details_on_load"
    127    );
    128    if (showDetails) {
    129      let details = content.document.getElementById(
    130        "errorDescriptionContainer"
    131      );
    132      details.removeAttribute("hidden");
    133    }
    134 
    135    // Set safe browsing advisory link.
    136    let advisoryUrl = Services.prefs.getCharPref(
    137      "browser.safebrowsing.provider." + provider + ".advisoryURL",
    138      ""
    139    );
    140    let advisoryDesc = content.document.getElementById("advisoryDescText");
    141    if (!advisoryUrl) {
    142      advisoryDesc.remove();
    143      return;
    144    }
    145 
    146    let advisoryLinkText = Services.prefs.getCharPref(
    147      "browser.safebrowsing.provider." + provider + ".advisoryName",
    148      ""
    149    );
    150    if (!advisoryLinkText) {
    151      advisoryDesc.remove();
    152      return;
    153    }
    154 
    155    content.document.l10n.setAttributes(
    156      advisoryDesc,
    157      "safeb-palm-advisory-desc",
    158      { advisoryname: advisoryLinkText }
    159    );
    160    content.document
    161      .getElementById("advisory_provider")
    162      .setAttribute("href", advisoryUrl);
    163  }
    164 
    165  onClick(event) {
    166    let ownerDoc = event.target.ownerDocument;
    167    if (!ownerDoc) {
    168      return;
    169    }
    170 
    171    var reason = "phishing";
    172    if (/e=malwareBlocked/.test(ownerDoc.documentURI)) {
    173      reason = "malware";
    174    } else if (/e=unwantedBlocked/.test(ownerDoc.documentURI)) {
    175      reason = "unwanted";
    176    } else if (/e=harmfulBlocked/.test(ownerDoc.documentURI)) {
    177      reason = "harmful";
    178    }
    179 
    180    this.sendAsyncMessage("Browser:SiteBlockedError", {
    181      location: ownerDoc.location.href,
    182      reason,
    183      elementId: event.target.getAttribute("id"),
    184      blockedInfo: getSiteBlockedErrorDetails(this.docShell),
    185    });
    186  }
    187 }