link to report why page has been classified as malicious/deceptive/... should have variables %NAME% and %LOCALE% replaced

NEW
Assigned to

Status

()

defect
P3
normal
2 years ago
4 months ago

People

(Reporter: aryx, Assigned: manishkk)

Tracking

({good-first-bug})

unspecified
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox56 unaffected, firefox57 wontfix, firefox58 affected)

Details

Attachments

(1 attachment)

Firefox 58.0a1 latest and 57.0b8 on Windows 8.1

The urls to the report why a page has been blocked by Safe Browsing contain variables which should be replaced by their values, e.g.
https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=http://testsafebrowsing.appspot.com/s/phishing.html

Steps to reproduce:
1. Open http://testsafebrowsing.appspot.com/
2. Click on the first link: "Should show a phishing warning"
3. On the loaded page informing about the blocking, open the Details.
4. Move your mouse to the link "reported as a deceptive site".
Actual result: Link shown with variables.
Expected result: Variables replaced with values.

|Services.urlFormatter.formatURLPref(<prefname>)| should be used for this - or is the current status intentional (the site doesn't seem to offer localized versions)?

Comment 1

2 years ago
pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?

pref("browser.safebrowsing.reportPhishURL", "https://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%&url=");

FWIW, from client view, the reportURL should use LOCALE, and we used |Services.urlFormatter.formatURLPref(<prefname>)|
Given that these query string parameters are not used, we should simply remove them.
Keywords: good-first-bug
Priority: -- → P3
See Also: → 1386462
Assignee

Updated

5 months ago
Assignee: nobody → 1991manish.kumar
Assignee

Comment 3

5 months ago

As Expected result say: 'Variables replaced with values.'
Do I need to replace query string with some values?

(In reply to François Marier [:francois] from comment #2)

Given that these query string parameters are not used, we should simply
remove them.

Flags: needinfo?(dlee)

(In reply to Manish [:manishkk][Less Active until 24 Feb] from comment #3)

As Expected result say: 'Variables replaced with values.'
Do I need to replace query string with some values?

Hi Manish,
Sorry for the super late reply.
No, we just remove them.

Flags: needinfo?(dlee)
You need to log in before you can comment on or make changes to this bug.