Closed Bug 1250600 Opened 4 years ago Closed 3 years ago

Update Safebrowsing in Seamonkey for recent changes in Firefox

Categories

(SeaMonkey :: General, defect)

All
Unspecified
defect
Not set

Tracking

(seamonkey2.46 fixed)

RESOLVED FIXED
seamonkey2.45
Tracking Status
seamonkey2.46 --- fixed

People

(Reporter: frg, Assigned: frg)

References

Details

Attachments

(1 file, 5 obsolete files)

Attached patch WIP patch split from bug 920951 (obsolete) — Splinter Review
Currently Safebrowsing is broken in Seamonkey because of api changes in the mozilla-central code.

This bug covers the changes to the source code.

Bug 920951 covers the changes to the preferences.
Assignee: nobody → frgrahl
Summary: Update Safebrowsing for recent changes in Firefox → Update Safebrowsing in Seamonkey for recent changes in Firefox
Status: NEW → ASSIGNED
Attached patch WIP patch 2 not fully working (obsolete) — Splinter Review
Do not use. Broke the buttons by copying a litte too much from FF. Strings should be ok and all itsatrap websites show as blocked.
Attachment #8722597 - Attachment is obsolete: true
Attached patch 1250600-safebrowsingsites.patch (obsolete) — Splinter Review
Patch for safebrowsing. Tested on c-a only due to current c-c breakage.
VS2015 build.

User agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0 SeaMonkey/2.44a2

Tested urls:

http://itisatrap.org/firefox/unwanted.html
http://itisatrap.org/firefox/its-a-trap.html
http://itisatrap.org/firefox/its-an-attack.html

With browser.safebrowsing.forbiddenURIs.enabled set to true:
http://itisatrap.org/firefox/forbidden.html

Contains string changes copied from current m-c.
Attachment #8729870 - Attachment is obsolete: true
Attachment #8729963 - Flags: review?(philip.chee)
I forgot to include the css in the first patch.
Attachment #8729963 - Attachment is obsolete: true
Attachment #8729963 - Flags: review?(philip.chee)
Attachment #8729981 - Flags: review?(philip.chee)
Blocks: 1240738
Comment on attachment 8729981 [details] [diff] [review]
1250600-safebrowsingsites-V2.patch

blockedSite.xhtml
=================

>      <div id="errorPageContainer">
> -
Keep empty line.

>        <div id="errorLongContent">
> -
Keep empty line.

> -          <!-- Commands handled in utilityOverlay.js -->
Keep comment.

blockedSite.js
==============

>  function getErrorCode()
>  {
>    var url = document.documentURI;
> -  var error = url.indexOf("e=");
> -  var duffUrl = url.indexOf("&u=");
> -  return url.slice(error + 2, duffUrl);
> +  var error = url.search(/e\=/);
> +  var duffUrl = url.search(/\&u\=/);
Nit: these are fixed strings, just use indexOf.

> +  return decodeURIComponent(url.slice(error + 2, duffUrl));
Nit: this is ASCII, no need to decode it.

> + function getOverride()
> + {
> +   var url = document.documentURI;
> +   var match = url.match(/&o=1&/);
> +   return !!match;
(1) I think you want /&o=1/ or /(\?|&)o=1/
(2) Use /regexp/.test(str) which returns a boolean which means that you also don't have to !!coerce the return value.

> +    case "malwareBlocked" :
No space before : (several instances)

> +  if (error !== "malware") {
> +    el = document.getElementById("errorTitleText_malware");
> +    el.parentNode.removeChild(el);
You can now use el.remove() (Supported since Firefox 23) See the part you removed :P  Also could use a helper function. e.g.

function deleteElement(element) {
  var el = document.getElementById(element);
  if (el)
    el.remove();
}

> +  if (error !== "malware") {
Both sides are strings. Just use != .

notification.xml
================
>        <method name="ignoreSafeBrowsingWarning">
> -        <parameter name="aIsMalware"/>
> +        <parameter name="aReasonBlocked"/>
Just "reason" or "aReason".

> +            if (reportName != null) {
if (reportName) {

> +                callback: function () { openUILinkIn(reportUrl, "tabfocused"); }
There is now a shorter ES6 syntax for method definitions on objects initializers:
callback() { ... }
See: https://developer.mozilla.org/Web/JavaScript/Reference/Functions/Method_definitions

utilityOverlay.js
=================
Please move the white-space only changes to a separate patch attached to this bug.

> +    let reasonBlocked = 'phishing';
"Double quotes" please.
Also just |reason| and not |reasonBlocked|

> +      case "whyForbiddenButton":
> +        // This is the "Why is this site blocked" button for family friendly browsing.
> +        // There's no desktop focused support page yet.
The Firefox comment makes more sense! Please use it.

> // This is the "Why is this site blocked" button for family friendly browsing
> // for Fennec. There's no desktop focused support page yet.

> +        loadURI("https://support.mozilla.org/kb/controlledaccess");
Don't hard code URLs in code (generally). Instead use formatURLPref() like a few lines up in your patch.
browser.safebrowsing.warning.infoURL

safeBrowsing.dtd
================
> +<!-- Localization note (safeb.palm.notdeceptive.label) - Label of the Help menu item. -->
> +<!ENTITY safeb.palm.notdeceptive.label "This isn't a deceptive site…">
Unused?

> +<!ENTITY reportDeceptiveSite.label        "Report deceptive site…">
> +<!ENTITY reportDeceptiveSite.accesskey    "D">
> +<!ENTITY notADeceptiveSite.label          "This isn't a deceptive site…">
> +<!ENTITY notADeceptiveSite.accesskey      "D">
Access keys should match the case in the label. (d)
Also please don't vertically align in this file. After your patch nothing else is.
Attachment #8729981 - Flags: review?(philip.chee) → review-
All (hopefully) taken care of but:

>> blockedSite.js
>> ==============
>> (1) I think you want /&o=1/ or /(\?|&)o=1/

The check is for &o=1& so the expression was ok. Changed it to o=0 for a test and the button got removed so it works. The current blocked urls all have o=1 in them even the forbidden ones which I find inconsistent. 

>> utilityOverlay.js
>> =================
>> Please move the white-space only changes to a separate patch attached to this bug.

Could I ask for an exception here. Not that many and I did set the editor to remove them. If not ok I will just delete them in the patch.

I did some minor additional cleanups which I found when checking the patch. access keys were not always consistent. 

Test on c-a and patch build against current c-c.
Attachment #8729981 - Attachment is obsolete: true
Attachment #8735465 - Flags: review?(philip.chee)
Comment on attachment 8735465 [details] [diff] [review]
1250600-safebrowsingsites-V3.patch

Great patch! r=me

>  pref("browser.safebrowsing.warning.infoURL", "https://www.mozilla.org/%LOCALE%/firefox/phishing-protection/");
> +pref("browser.safebrowsing.controlledaccess.infoURL", "https://support.mozilla.org/kb/controlledaccess/");
To be consistent it should be camel case: controlledAccess.

> +    // Reason isn't currently used but it may be useful in the future
> +    // for further testing and setting menu items.
> +    let reason;

Suggestion:
// "reason" isn't currently used but it's here to make porting
// from Firefox easier.

> +  if (!getOverride()) {
> +    var btn = document.getElementById("ignoreWarningButton");
> +    if (btn) {
> +      btn.parentNode.removeChild(btn);

if (!getOverride())
  deleteElement("ignoreWarningButton");


>>> (1) I think you want /&o=1/ or /(\?|&)o=1/
> 
> The check is for &o=1& so the expression was ok. Changed it to o=0 for a
> test and the button got removed so it works. The current blocked urls all
> have o=1 in them even the forbidden ones which I find inconsistent. 
OK. Makes sense.

>>> Please move the white-space only changes to a separate patch attached to this bug.
> 
> Could I ask for an exception here. Not that many and I did set the editor to
OK. I guess.
Attachment #8735465 - Flags: review?(philip.chee) → review+
>> if (!getOverride())
>>  deleteElement("ignoreWarningButton");

Does this work without throwing an exception if the button is not there? For forbidden it already got deleted in the if a few lines earlier.
Flags: needinfo?(philip.chee)
(In reply to Frank-Rainer Grahl from comment #7)
> >> if (!getOverride())
> >>  deleteElement("ignoreWarningButton");
> 
> Does this work without throwing an exception if the button is not there? For
> forbidden it already got deleted in the if a few lines earlier.
There is an if() test in deleteElement(), so if the button isn't there it is a NOOP.

+function deleteElement(element) {
+  var el = document.getElementById(element);
+  if (el)
+    el.remove();
Flags: needinfo?(philip.chee)
Latest patch incorporating some additional minor suggestions. Review+ from Philip Chee carried forward.
Attachment #8735465 - Attachment is obsolete: true
Attachment #8735537 - Flags: review+
Keywords: checkin-needed
Since what Version is a patch required?
This broke a long time ago. First the lists and then the api. I think between 2.26.1 and 2.35. Would need to check the FF bugs. 

I didn't see any complaints so I wouldn't port it back. Also in 2.44 strings where changed by Mozilla. Phishing was partially replaced by deceptive. Put a slightly modified version in my private c-r and c-b tree but even this has string changes.

FRG
So this one can't be the reason for some 2.40 Safe Browsing problems like "Bug 1260457 - Seamonkey 2.40 does not warn that page contains elements meant to track, and is blocking; while Seamonkey 2.39 does warn of such"
Need to check this. This bug is/was primary for Safe Browsing. I didn't try tracking protection.

Might have something to do with the bug 920951 and the Mozilla tracking lists no longer being fetched. Maybe someone can try it out with a nightly. The lists bug is already in the tree.

FRG
http://hg.mozilla.org/comm-central/rev/1759686baf84
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.45
Blocks: 1559578
You need to log in before you can comment on or make changes to this bug.