[Desktop] Billing Interstitial UI
This CL implements downloading the billing blacklist
and then triggering the billing interstitial UI.
The page info bubble is updated to support the billing
interstitial.
The billing page info and the interstitial UI is placed
behind a new safebrowsing feature flag,
"BillingInterstitial".
Bug: 867518
Change-Id: Id87463b272a9dcc4a3e3d95faaa48a942a2cb664
Reviewed-on: https://chromium-review.googlesource.com/1163286
Reviewed-by: Adrienne Porter Felt <[email protected]>
Reviewed-by: Varun Khaneja <[email protected]>
Reviewed-by: Mustafa Emre Acer <[email protected]>
Commit-Queue: Sarah Chan <[email protected]>
Cr-Commit-Position: refs/heads/master@{#582283}
diff --git a/components/page_info_strings.grdp b/components/page_info_strings.grdp
index 6b5430e..1233f580 100644
--- a/components/page_info_strings.grdp
+++ b/components/page_info_strings.grdp
@@ -420,4 +420,12 @@
</message>
</if>
</if>
+
+ <!-- Billing -->
+ <message name="IDS_PAGE_INFO_BILLING_SUMMARY" desc="A one-line summary at the top of the Page Info bubble (which shows when you click the security indicator) if the website has been flagged for a billing interstitial">
+ The page ahead may try to charge you money
+ </message>
+ <message name="IDS_PAGE_INFO_BILLING_DETAILS" desc="A one-line summary at the top of the Page Info bubble (which shows when you click the security indicator) if the website has been flagged for a billing interstitial.">
+ These charges could be one-time or recurring and may not be obvious.
+ </message>
</grit-part>
diff --git a/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_DETAILS.png.sha1 b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_DETAILS.png.sha1
new file mode 100644
index 0000000..7b87011
--- /dev/null
+++ b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_DETAILS.png.sha1
@@ -0,0 +1 @@
+f6a8c9fb2f9ea8a760454538cb50604a8b04bcf6
\ No newline at end of file
diff --git a/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_SUMMARY.png.sha1 b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_SUMMARY.png.sha1
new file mode 100644
index 0000000..7b87011
--- /dev/null
+++ b/components/page_info_strings_grdp/IDS_PAGE_INFO_BILLING_SUMMARY.png.sha1
@@ -0,0 +1 @@
+f6a8c9fb2f9ea8a760454538cb50604a8b04bcf6
\ No newline at end of file
diff --git a/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc b/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc
index 5a51c24..0e2177e 100644
--- a/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc
+++ b/components/safe_browsing/browser/safe_browsing_url_checker_impl.cc
@@ -7,6 +7,7 @@
#include "base/metrics/histogram_macros.h"
#include "base/trace_event/trace_event.h"
#include "components/safe_browsing/browser/url_checker_delegate.h"
+#include "components/safe_browsing/features.h"
#include "components/safe_browsing/web_ui/constants.h"
#include "components/security_interstitials/content/unsafe_resource.h"
#include "content/public/browser/browser_thread.h"
@@ -135,7 +136,9 @@
threat_type == SB_THREAT_TYPE_SAFE ? "safe" : "unsafe");
if (threat_type == SB_THREAT_TYPE_SAFE ||
- threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE) {
+ threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE ||
+ (!base::FeatureList::IsEnabled(safe_browsing::kBillingInterstitial) &&
+ threat_type == SB_THREAT_TYPE_BILLING)) {
state_ = STATE_NONE;
if (threat_type == SB_THREAT_TYPE_SUSPICIOUS_SITE) {
diff --git a/components/safe_browsing/db/safebrowsing.proto b/components/safe_browsing/db/safebrowsing.proto
index 5116de4..a111415c 100644
--- a/components/safe_browsing/db/safebrowsing.proto
+++ b/components/safe_browsing/db/safebrowsing.proto
@@ -289,6 +289,9 @@
// Entities that are suspected to present a threat.
SUSPICIOUS = 14;
+
+ // Billing threat list. The internal proto's enum name is different
+ BILLING = 15;
}
// Types of platforms.
diff --git a/components/safe_browsing/db/v4_local_database_manager.cc b/components/safe_browsing/db/v4_local_database_manager.cc
index 55e745d1..a9622ff 100644
--- a/components/safe_browsing/db/v4_local_database_manager.cc
+++ b/components/safe_browsing/db/v4_local_database_manager.cc
@@ -80,6 +80,8 @@
ListInfo(kSyncOnlyOnChromeBuilds, "ChromeUrlClientIncident.store",
GetChromeUrlClientIncidentId(),
SB_THREAT_TYPE_BLACKLISTED_RESOURCE),
+ ListInfo(kSyncAlways, "UrlBilling.store", GetUrlBillingId(),
+ SB_THREAT_TYPE_BILLING),
ListInfo(kSyncOnlyOnChromeBuilds, "UrlCsdDownloadWhitelist.store",
GetUrlCsdDownloadWhitelistId(), SB_THREAT_TYPE_UNUSED),
ListInfo(kSyncOnlyOnChromeBuilds, "UrlCsdWhitelist.store",
@@ -113,6 +115,8 @@
return 3;
case SUSPICIOUS:
return 4;
+ case BILLING:
+ return 15;
default:
NOTREACHED() << "Unexpected ThreatType encountered: "
<< list_id.threat_type();
@@ -135,6 +139,9 @@
case SB_THREAT_TYPE_SUSPICIOUS_SITE:
return GetUrlSuspiciousSiteId();
+ case SB_THREAT_TYPE_BILLING:
+ return GetUrlBillingId();
+
default:
NOTREACHED();
// Compiler requires a return statement here.
diff --git a/components/safe_browsing/db/v4_protocol_manager_util.cc b/components/safe_browsing/db/v4_protocol_manager_util.cc
index 6c6b300..c6fc49d8 100644
--- a/components/safe_browsing/db/v4_protocol_manager_util.cc
+++ b/components/safe_browsing/db/v4_protocol_manager_util.cc
@@ -115,6 +115,10 @@
return ListIdentifier(GetCurrentPlatformType(), IP_RANGE, MALWARE_THREAT);
}
+ListIdentifier GetUrlBillingId() {
+ return ListIdentifier(GetCurrentPlatformType(), URL, BILLING);
+}
+
ListIdentifier GetUrlCsdDownloadWhitelistId() {
return ListIdentifier(GetCurrentPlatformType(), URL, CSD_DOWNLOAD_WHITELIST);
}
@@ -181,6 +185,7 @@
case SB_THREAT_TYPE_URL_MALWARE:
case SB_THREAT_TYPE_URL_UNWANTED:
case SB_THREAT_TYPE_SUSPICIOUS_SITE:
+ case SB_THREAT_TYPE_BILLING:
break;
default:
diff --git a/components/safe_browsing/db/v4_protocol_manager_util.h b/components/safe_browsing/db/v4_protocol_manager_util.h
index ef84129..9c0c7882 100644
--- a/components/safe_browsing/db/v4_protocol_manager_util.h
+++ b/components/safe_browsing/db/v4_protocol_manager_util.h
@@ -196,6 +196,7 @@
ListIdentifier GetChromeUrlApiId();
ListIdentifier GetChromeUrlClientIncidentId();
ListIdentifier GetIpMalwareId();
+ListIdentifier GetUrlBillingId();
ListIdentifier GetUrlCsdDownloadWhitelistId();
ListIdentifier GetUrlCsdWhitelistId();
ListIdentifier GetUrlMalBinId();
diff --git a/components/safe_browsing/features.cc b/components/safe_browsing/features.cc
index 06899184..b43b9db 100644
--- a/components/safe_browsing/features.cc
+++ b/components/safe_browsing/features.cc
@@ -22,6 +22,10 @@
const base::Feature kAdSamplerTriggerFeature{"SafeBrowsingAdSamplerTrigger",
base::FEATURE_DISABLED_BY_DEFAULT};
+// Controls the billing interstitial UI.
+const base::Feature kBillingInterstitial{"BillingInterstitial",
+ base::FEATURE_DISABLED_BY_DEFAULT};
+
// If enabled in pre-network-service world, SafeBrowsing URL checks are done by
// applying SafeBrowsing's URLLoaderThrottle subclasses to ThrottlingURLLoader.
//
@@ -61,6 +65,7 @@
bool probabilistically_enabled;
} kExperimentalFeatures[]{
{&kAdSamplerTriggerFeature, false},
+ {&kBillingInterstitial, false},
{&kCheckByURLLoaderThrottle, true},
{&kForceEnableResetPasswordWebUI, true},
{&kInspectDownloadedRarFiles, true},
diff --git a/components/safe_browsing/features.h b/components/safe_browsing/features.h
index c1a1213..724f40d 100644
--- a/components/safe_browsing/features.h
+++ b/components/safe_browsing/features.h
@@ -22,6 +22,9 @@
extern const base::Feature kAdSamplerTriggerFeature;
extern const base::Feature kCheckByURLLoaderThrottle;
+// Controls the billing interstitial UI.
+extern const base::Feature kBillingInterstitial;
+
// Specifies which non-resource HTML Elements to collect based on their tag and
// attributes. It's a single param containing a comma-separated list of pairs.
// For example: "tag1,id,tag1,height,tag2,foo" - this will collect elements with
diff --git a/components/security_state/core/security_state.h b/components/security_state/core/security_state.h
index d50c445a..7e17299 100644
--- a/components/security_state/core/security_state.h
+++ b/components/security_state/core/security_state.h
@@ -92,6 +92,7 @@
MALICIOUS_CONTENT_STATUS_SOCIAL_ENGINEERING,
MALICIOUS_CONTENT_STATUS_SIGN_IN_PASSWORD_REUSE,
MALICIOUS_CONTENT_STATUS_ENTERPRISE_PASSWORD_REUSE,
+ MALICIOUS_CONTENT_STATUS_BILLING,
};
// Describes the security status of a page or request. This is the