Componentize the SSL blocking page
This introduces security_interstitials::SSLErrorUI, which provides the
C++ backing to the SSL error page JS. It dispatches user commands to the
ControllerClient. All of this code comes from the SSLBlockingPage class,
which now is just an interstitial implementation shell that sets up
the SSLErrorUI and handles Chrome-specific aspects of interstitials.
BUG=488673
Review URL: https://codereview.chromium.org/1509813002
Cr-Commit-Position: refs/heads/master@{#364736}
diff --git a/components/security_interstitials_strings.grdp b/components/security_interstitials_strings.grdp
index 35fbbe1..14f8f56d 100644
--- a/components/security_interstitials_strings.grdp
+++ b/components/security_interstitials_strings.grdp
@@ -54,4 +54,53 @@
https://www.google.com/chrome/browser/privacy/whitepaper.html#malware
</message>
+ <!-- SSL error page -->
+ <message name="IDS_SSL_V2_TITLE" desc="The tab title for the SSL interstitial.">
+ Privacy error
+ </message>
+ <message name="IDS_SSL_V2_HEADING" desc="The large heading at the top of the SSL interstitial.">
+ Your connection is not private
+ </message>
+ <message name="IDS_SSL_V2_PRIMARY_PARAGRAPH" desc="The primary explanatory paragraph for the SSL interstitial.">
+ Attackers might be trying to steal your information from <ph name="BEGIN_BOLD"><strong></ph><ph name="SITE">$1<ex>google.com</ex></ph><ph name="END_BOLD"></strong></ph> (for example, passwords, messages, or credit cards).
+ </message>
+ <if expr="_google_chrome">
+ <message name="IDS_SSL_NONOVERRIDABLE_MORE" desc="Body text for the explanation shown if user clicks on the Details button.">
+ <ph name="SITE">$1<ex>google.com</ex></ph> normally uses encryption to protect your information. When Google Chrome tried to connect to <ph name="SITE">$1<ex>google.com</ex></ph> this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be <ph name="SITE">$1<ex>google.com</ex></ph>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
+ </message>
+ <message name="IDS_SSL_NONOVERRIDABLE_INVALID" desc="A sentence to explain why the user can't proceed.">
+ You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
+ </message>
+ </if>
+ <if expr="not _google_chrome">
+ <message name="IDS_SSL_NONOVERRIDABLE_MORE" desc="Body text for the explanation shown if user clicks on the Details button.">
+ <ph name="SITE">$1<ex>google.com</ex></ph> normally uses encryption to protect your information. When Chromium tried to connect to <ph name="SITE">$1<ex>google.com</ex></ph> this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be <ph name="SITE">$1<ex>google.com</ex></ph>, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
+ </message>
+ <message name="IDS_SSL_NONOVERRIDABLE_INVALID" desc="A sentence to explain why the user can't proceed.">
+ You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website sent scrambled credentials that Chromium cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
+ </message>
+ </if>
+
+ <!-- SSL error page: overridable -->
+ <message name="IDS_SSL_OVERRIDABLE_SAFETY_BUTTON" desc="The text for the button that takes the user back to the previous page.">
+ Back to safety
+ </message>
+ <message name="IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH" desc="The text for the paragraph at the bottom with the proceed link.">
+ <ph name="BEGIN_LINK"><a href="#" id="proceed-link"></ph>Proceed to <ph name="SITE">$1<ex>example.com</ex></ph> (unsafe)<ph name="END_LINK"></a></ph>
+ </message>
+
+ <!-- SSL error page: Non-overridable -->
+ <message name="IDS_SSL_RELOAD" desc="The text for the button that reloads the page.">
+ Reload
+ </message>
+ <message name="IDS_SSL_NONOVERRIDABLE_PINNED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate pinning.">
+ You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>uses certificate pinning<ph name="END_LINK"></a></ph>. Network errors and attacks are usually temporary, so this page will probably work later.
+ </message>
+ <message name="IDS_SSL_NONOVERRIDABLE_HSTS" desc="A sentence to explain why the user can't proceed, plus a link to a help page about HSTS.">
+ You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because the website <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>uses HSTS<ph name="END_LINK"></a></ph>. Network errors and attacks are usually temporary, so this page will probably work later.
+ </message>
+ <message name="IDS_SSL_NONOVERRIDABLE_REVOKED" desc="A sentence to explain why the user can't proceed, plus a link to a help page about certificate revocation.">
+ You cannot visit <ph name="SITE">$1<ex>google.com</ex></ph> right now because <ph name="BEGIN_LINK"><a href="#" id="help-link"></ph>this certificate has been revoked<ph name="END_LINK"></a></ph>. Network errors and attacks are usually temporary, so this page will probably work later.
+ </message>
+
</grit-part>
\ No newline at end of file
