browser-safebrowsing.js (4160B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 var gSafeBrowsing = { 6 setReportPhishingMenu() { 7 // tor-browser#18905: hide these menu entries 8 if ( 9 !Services.prefs.getBoolPref("browser.safebrowsing.phishing.enabled", true) 10 ) { 11 return; 12 } 13 14 // In order to detect whether or not we're at the phishing warning 15 // page, we have to check the documentURI instead of the currentURI. 16 // This is because when the DocShell loads an error page, the 17 // currentURI stays at the original target, while the documentURI 18 // will point to the internal error page we loaded instead. 19 var docURI = gBrowser.selectedBrowser.documentURI; 20 var isPhishingPage = 21 docURI && docURI.spec.startsWith("about:blocked?e=deceptiveBlocked"); 22 23 // Show/hide the appropriate menu item. 24 const reportMenu = document.getElementById( 25 "menu_HelpPopup_reportPhishingtoolmenu" 26 ); 27 reportMenu.hidden = isPhishingPage; 28 const reportErrorMenu = document.getElementById( 29 "menu_HelpPopup_reportPhishingErrortoolmenu" 30 ); 31 reportErrorMenu.hidden = !isPhishingPage; 32 33 // Now look at the currentURI to learn which page we were trying 34 // to browse to. 35 const uri = gBrowser.currentURI; 36 const isReportablePage = 37 uri && (uri.schemeIs("http") || uri.schemeIs("https")); 38 39 const disabledByPolicy = !Services.policies.isAllowed("feedbackCommands"); 40 41 if (disabledByPolicy || isPhishingPage || !isReportablePage) { 42 reportMenu.setAttribute("disabled", "true"); 43 } else { 44 reportMenu.removeAttribute("disabled"); 45 } 46 47 if (disabledByPolicy || !isPhishingPage || !isReportablePage) { 48 reportErrorMenu.setAttribute("disabled", "true"); 49 } else { 50 reportErrorMenu.removeAttribute("disabled"); 51 } 52 }, 53 54 /** 55 * Used to report a phishing page or a false positive 56 * 57 * @param name 58 * String One of "PhishMistake", "MalwareMistake", or "Phish" 59 * @param info 60 * Information about the reasons for blocking the resource. 61 * In the case false positive, it may contain SafeBrowsing 62 * matching list and provider of the list 63 * @return String the report phishing URL. 64 */ 65 getReportURL(name, info) { 66 let reportInfo = info; 67 if (!reportInfo) { 68 let pageUri = gBrowser.currentURI; 69 70 // Remove the query to avoid including potentially sensitive data 71 if (pageUri instanceof Ci.nsIURL) { 72 pageUri = pageUri.mutate().setQuery("").finalize(); 73 } 74 75 reportInfo = { uri: pageUri.asciiSpec }; 76 } 77 return SafeBrowsing.getReportURL(name, reportInfo); 78 }, 79 80 reportFalseDeceptiveSite() { 81 let contextsToVisit = [gBrowser.selectedBrowser.browsingContext]; 82 while (contextsToVisit.length) { 83 let currentContext = contextsToVisit.pop(); 84 let global = currentContext.currentWindowGlobal; 85 86 if (!global) { 87 continue; 88 } 89 let docURI = global.documentURI; 90 // Ensure the page is an about:blocked pagae before handling. 91 if ( 92 docURI && 93 docURI.spec.startsWith("about:blocked?e=deceptiveBlocked") 94 ) { 95 let actor = global.getActor("BlockedSite"); 96 actor.sendQuery("DeceptiveBlockedDetails").then(data => { 97 let reportUrl = gSafeBrowsing.getReportURL( 98 "PhishMistake", 99 data.blockedInfo 100 ); 101 if (reportUrl) { 102 openTrustedLinkIn(reportUrl, "tab"); 103 } else { 104 let bundle = Services.strings.createBundle( 105 "chrome://browser/locale/safebrowsing/safebrowsing.properties" 106 ); 107 Services.prompt.alert( 108 window, 109 bundle.GetStringFromName("errorReportFalseDeceptiveTitle"), 110 bundle.formatStringFromName("errorReportFalseDeceptiveMessage", [ 111 data.blockedInfo.provider, 112 ]) 113 ); 114 } 115 }); 116 } 117 118 contextsToVisit.push(...currentContext.children); 119 } 120 }, 121 };