Provide ability to access Google Safe Browsing Advisory for a site via the cbo safebrowsing info page

RESOLVED FIXED

Status

--
enhancement
RESOLVED FIXED
9 years ago
8 years ago

People

(Reporter: alqahira, Assigned: alqahira)

Tracking

Details

(URL)

Attachments

(1 attachment)

(In reply to bug 451092 comment 9)
> > info about the reporting UI
> 
> Written; there's a section about reporting a false negative as well as one for
> reporting false positives/cleaned sites.
> 
> In the latter case, I decided against having people visit the site and invoke
> the blocker bar in order to report the false positive (don't encourage
> dangerous behavior and all that).  This means that we don't ever really link
> users to to the Google advisory for blocked malware sites.  What I'd like to do
> is have a form on the page that takes a URL as user input and displays the
> Google advisory, so that we can send concerned people directly to the advisory
> in a safe manner.  
> 
> HTML wanted.
>
Created attachment 463402 [details] [diff] [review]
Implements the form

Here's a patch that does this.  It requires JavaScript, which is a bit unfortunate, but until/unless someone writes a PHP implementation, having an implementation is better than having no implementation at all.

Ideally we'd be able to pre-populate the field with the value of the blocked page (to mimic what the button does on the error page in Firefox), but the error page doesn't send a referrer, which is unfortunate.  We may want to think about adding a direct link to the Safe Browsing Diagnostic on the malware error page. :/ (Also because checking a phishing page will not show any "this site is doing bad stuff" info, since the diagnostic is only for malware.)

I added the form to both the Safebrowsing page (where we mention the Diagnostic as part of "removing your site from the list" section), and also in the phishing/malware section of the main Security page (which is where the error page info link takes the user).

On the Safebrowsing page, the change in the other paragraph is moving the <abbr> for URL up the new first use of the abbreviation.

There's no new styling here; I think it looks OK as-is, but I'm happy to entertain any CSS offered.

There's some minimal sanity-checking in the JS (Google will happily display a diagnostic for anything other than an empty value) and a work-around for the same issue as bug 529353 (Google does accept-lang detection, so we could avoid adding the parameter, except their accept-lang detection also suffers from "I don't know what to do with 'nb-NO'", so since we needed to do that, we might as well just do it for everyone (which also makes the URLs consistent with the other URLs we generate for Safe Browsing).

You can check the live-action versions on http://caminobrowser.org/documentation/security/index-test.php#safebrowsing and http://caminobrowser.org/documentation/security/safebrowsing/index-test.php#unblocking
Assignee: samuel.sidler+old → alqahira
Status: NEW → ASSIGNED
Attachment #463402 - Flags: review?(samuel.sidler)

Comment 2

8 years ago
(In reply to comment #1)
> Created attachment 463402 [details] [diff] [review]
> Implements the form

> There's no new styling here; I think it looks OK as-is, but I'm happy to
> entertain any CSS offered.
> 

I'd set a width on the textfield (at present it takes the default -intrinsic- width, that is 10ch), something like 300px would do fine.
That allows to see a big part of the url you are inputting.

A direct link on the malware overlay would be a nice addition.
(In reply to comment #2)
> I'd set a width on the textfield (at present it takes the default -intrinsic-
> width, that is 10ch), something like 300px would do fine.
> That allows to see a big part of the url you are inputting.

/start/ and /welcome/ both used size="45" (which works out to about 300px), but we can go to about 55 before we start wrapping the button (unless someone has shrunken their window-width or pushed their font size up really high), which I think looks better.

I've updated the live-action pages, and made the changes locally to the real pages to be published.

Comment 4

8 years ago
(In reply to comment #3)
 
> /start/ and /welcome/ both used size="45" (which works out to about 300px), but
> we can go to about 55 before we start wrapping the button (unless someone has
> shrunken their window-width or pushed their font size up really high), which I
> think looks better.

That puts the submit button on the next line with a minimum font-size of 12px, which is not uncommon. Personally, that doesn't really bother me, I prefer a longish input field.

(you could go crazy and set the width to '95%'…)
I also want to work a link to http://www.google.com/support/webmasters/bin/answer.py?answer=163633 into http://caminobrowser.org/documentation/security/safebrowsing/#unblocking (probably in the first pgh); that's the URL that the link on the Safe Browsing Advisory for a site redirects to, but I think it's useful enough to have in our docs, too.

Comment 6

8 years ago
Comment on attachment 463402 [details] [diff] [review]
Implements the form

I didn't test the form, but I trust that you did. r=me
Attachment #463402 - Flags: review?(samuel.sidler) → review+
Pushed, along with the change mentioned in comment 5.
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(In reply to comment #1)
> We may want to think
> about adding a direct link to the Safe Browsing Diagnostic on the malware error
> page. :/ (Also because checking a phishing page will not show any "this site is
> doing bad stuff" info, since the diagnostic is only for malware.)

We filed bug 585535 on that.
Comment on attachment 463402 [details] [diff] [review]
Implements the form

>+++ documentation/security/index.php	2010-08-05 20:53:21.000000000 -0400
>+		<p>If you wish to learn why the Google Safe Browsing service has blocked a website,

I also added "as a suspected malware site" before the comma in that sentence, to (hopefully) help prevent people from seeing bogus "false negative" data if they submit a suspected phishing site in the form.

(On documentation/security/safebrowsing/index.php, the form is below a paragraph talking explicitly about malware and the Diagnostic page, so the link between the two is more clear--and the text that would be added redundant--there.)
You need to log in before you can comment on or make changes to this bug.