The Tor Browser: comparison browser/base/content/blockedSite.xhtml

--1:000000000000
+:3f4f352c1090
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html [
+<!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
+%htmlDTD;
+<!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
+%globalDTD;
+<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
+%brandDTD;
+<!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
+%blockedSiteDTD;
+]>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+- License, v. 2.0. If a copy of the MPL was not distributed with this
+- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
+<head>
+<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
+<link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>
+<script type="application/javascript"><![CDATA[
+// Error url MUST be formatted like this:
+//   about:blocked?e=error_code&u=url
+// Note that this file uses document.documentURI to get
+// the URL (with the format from above). This is because
+// document.location.href gets the current URI off the docshell,
+// which is the URL displayed in the location bar, i.e.
+// the URI that the user attempted to load.
+function getErrorCode()
+{
+var url = document.documentURI;
+var error = url.search(/e\=/);
+var duffUrl = url.search(/\&u\=/);
+return decodeURIComponent(url.slice(error + 2, duffUrl));
+}
+function getURL()
+{
+var url = document.documentURI;
+var match = url.match(/&u=([^&]+)&/);
+// match == null if not found; if so, return an empty string
+// instead of what would turn out to be portions of the URI
+if (!match)
+return "";
+url = decodeURIComponent(match[1]);
+// If this is a view-source page, then get then real URI of the page
+if (url.startsWith("view-source:"))
+url = url.slice(12);
+return url;
+}
+/**
+* Attempt to get the hostname via document.location.  Fail back
+* to getURL so that we always return something meaningful.
+*/
+function getHostString()
+{
+try {
+return document.location.hostname;
+} catch (e) {
+return getURL();
+}
+}
+function initPage()
+{
+// Handoff to the appropriate initializer, based on error code
+switch (getErrorCode()) {
+case "malwareBlocked" :
+initPage_malware();
+break;
+case "phishingBlocked" :
+initPage_phishing();
+break;
+}
+}
+/**
+* Initialize custom strings and functionality for blocked malware case
+*/
+function initPage_malware()
+{
+// Remove phishing strings
+var el = document.getElementById("errorTitleText_phishing");
+el.parentNode.removeChild(el);
+el = document.getElementById("errorShortDescText_phishing");
+el.parentNode.removeChild(el);
+el = document.getElementById("errorLongDescText_phishing");
+el.parentNode.removeChild(el);
+// Set sitename
+document.getElementById("malware_sitename").textContent = getHostString();
+document.title = document.getElementById("errorTitleText_malware")
+.innerHTML;
+}
+/**
+* Initialize custom strings and functionality for blocked phishing case
+*/
+function initPage_phishing()
+{
+// Remove malware strings
+var el = document.getElementById("errorTitleText_malware");
+el.parentNode.removeChild(el);
+el = document.getElementById("errorShortDescText_malware");
+el.parentNode.removeChild(el);
+el = document.getElementById("errorLongDescText_malware");
+el.parentNode.removeChild(el);
+// Set sitename
+document.getElementById("phishing_sitename").textContent = getHostString();
+document.title = document.getElementById("errorTitleText_phishing")
+.innerHTML;
+}
+]]></script>
+<style type="text/css">
+/* Style warning button to look like a small text link in the
+bottom right. This is preferable to just using a text link
+since there is already a mechanism in browser.js for trapping
+oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
+#ignoreWarningButton {
+-moz-appearance: none;
+background: transparent;
+border: none;
+color: white;  /* Hard coded because netError.css forces this page's background to dark red */
+text-decoration: underline;
+margin: 0;
+padding: 0;
+position: relative;
+top: 23px;
+left: 20px;
+font-size: smaller;
+}
+#ignoreWarning {
+text-align: right;
+}
+</style>
+</head>
+<body dir="&locale.dir;">
+<div id="errorPageContainer">
+<!-- Error Title -->
+<div id="errorTitle">
+<h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title;</h1>
+<h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
+</div>
+<div id="errorLongContent">
+<!-- Short Description -->
+<div id="errorShortDesc">
+<p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc;</p>
+<p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
+</div>
+<!-- Long Description -->
+<div id="errorLongDesc">
+<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc;</p>
+<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
+</div>
+<!-- Action buttons -->
+<div id="buttons">
+<!-- Commands handled in browser.js -->
+<button id="getMeOutButton">&safeb.palm.accept.label;</button>
+<button id="reportButton">&safeb.palm.reportPage.label;</button>
+</div>
+</div>
+<div id="ignoreWarning">
+<button id="ignoreWarningButton">&safeb.palm.decline.label;</button>
+</div>
+</div>
+<!--
+- Note: It is important to run the script this way, instead of using
+- an onload handler. This is because error pages are loaded as
+- LOAD_BACKGROUND, which means that onload handlers will not be executed.
+-->
+<script type="application/javascript">initPage();</script>
+</body>
+</html>

The Tor Browser / file comparison

comparison: browser/base/content/blockedSite.xhtml

browser/base/content/blockedSite.xhtml