1270168 - Investigate removal of redundant code and prefs in utilityOverlay.js for "Why was this page blocked" button

Status: NEW

(SeaMonkey :: Security, defect)

Description

[rsx11m]

+++ This bug was initially created as a clone of Bug #1269773 +++

(Quoting rsx11m from bug 1269773 comment #6)
> (In reply to Frank-Rainer Grahl from bug 1269773 comment #5)
> > I think they can go too because they are not suite specific. If FF changed
> > them I would need to look at the code and remove or alter them too.
> 
> Looking at
> http://mxr.mozilla.org/comm-central/source/suite/common/utilityOverlay.js#1175
> those are for handling the "Why is this site blocked" button in the
> UI when the page is reported, thus I'd think we still need those.
> 
> There is no occurrence of either browser.safebrowsing.warning.infoURL or
> browser.safebrowsing.controlledAccess.infoURL in the mozilla/ tree.
> https://support.mozilla.org/kb/controlledaccess now points to an Firefox for
> Android article "Firefox family-friendly browsing in a restricted profile"
> thus may need to be revised (whatever you wanted to say there). If so, this
> should go into a follow-up bug, unless you have a URL readily available for
> me to plug in instead.

(Quoting rsx11m from bug 1269773 comment #8)
> Found
> https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
> which in turn points to http://itisatrap.org/firefox/its-a-trap.html
> http://itisatrap.org/firefox/its-an-attack.html and
> http://itisatrap.org/firefox/unwanted.html (where the latter presents me
> with a funny combination of both "Reported Web Forgery!" and "Reported
> Attack Page!" warnings).
> 
> Clicking "Why was this page blocked" on neither page does actually use the
> values in the prefs, one points to the exact same page that I've looked up,
> the other to a Google page. Thus, I'd think that those prefs likely can go
> along with the unused code in utilityOverlay.js, *but* in a separate bug.

Comment 1

[Frank-Rainer Grahl (:frg)]

For the controlledaccess please set browser.safebrowsing.forbiddenURIs.enabled to true and try:

http://www.itisatrap.org/firefox/forbidden.html

I just did a straight port of the safebrowsing api. We do not have an ui for it and so neither does Firefox on desktop. This is only good for mobile but I left the code there to ease future portings.

The info url was/is used in mozilla/browser/base/content/browser.js:

>>      case "reportButton":
>>        // This is the "Why is this site blocked" button. We redirect
>>      // to the generic page describing phishing/malware protection.>>
>>
>>        // We log even if malware/phishing/unwanted info URL couldn't be found:
>>        // the measurement is for how many users clicked the WHY BLOCKED button
>>        if (sendTelemetry) {
>>          secHistogram.add(nsISecTel[bucketName + "WHY_BLOCKED"]);
>>        }
>>        openHelpLink("phishing-malware", false, "current");
>>        break;

This stuff has been changed since porting.

As long as both work I would let them in the code:) I will need to check if FF changed something since I ported the stuff.

FRG