Trick to Bill Interstitial Page

Add a Safe Browsing Interstitial Page for Trick to Bill.

Add a Trick to Bill enum to SBThreatType and
SBInterstitialReason.

Overview CL:
https://chromium-review.googlesource.com/c/chromium/src/+/1148598

Testing:
- SafeBrowsingBlockingPageTest.TrickToBillPage unit test

Bug: 867518
Change-Id: I0f5c342f419c2f326c7f25fa7e965d47ed242bbd
Reviewed-on: https://chromium-review.googlesource.com/1150917Reviewed-by: Varun Khaneja <vakh@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Commit-Queue: Sarah Chan <spqchan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579442}

chrome/browser/interstitials/enterprise_util.cc

@@ -81,6 +81,7 @@ std::string GetThreatTypeStringForInterstitial(
     case safe_browsing::SB_THREAT_TYPE_URL_CLIENT_SIDE_MALWARE:
       return "MALWARE";
     case safe_browsing::SB_THREAT_TYPE_URL_UNWANTED:
+    case safe_browsing::SB_THREAT_TYPE_TRICK_TO_BILL:
       return "HARMFUL";
     case safe_browsing::SB_THREAT_TYPE_UNUSED:
     case safe_browsing::SB_THREAT_TYPE_SAFE:

chrome/browser/safe_browsing/safe_browsing_blocking_page.h

@@ -97,6 +97,7 @@ class SafeBrowsingBlockingPage : public BaseBlockingPage {
                            ExtendedReportingNotShownInIncognito);
   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest,
                            ExtendedReportingNotShownNotAllowExtendedReporting);
+  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingBlockingPageTest, TrickToBillPage);
 
   void UpdateReportingPref();  // Used for the transition from old to new pref.
 

chrome/browser/safe_browsing/safe_browsing_blocking_page_unittest.cc

@@ -289,8 +289,14 @@ class SafeBrowsingBlockingPageTest : public ChromeRenderViewHostTestHarness {
   }
 
   void ShowInterstitial(bool is_subresource, const char* url) {
+    ShowInterstitial(is_subresource, url, SB_THREAT_TYPE_URL_MALWARE);
+  }
+
+  void ShowInterstitial(bool is_subresource,
+                        const char* url,
+                        SBThreatType type) {
     security_interstitials::UnsafeResource resource;
-    InitResource(&resource, is_subresource, GURL(url));
+    InitResource(&resource, is_subresource, GURL(url), type);
     SafeBrowsingBlockingPage::ShowBlockingPage(ui_manager_.get(), resource);
   }
 
@@ -345,7 +351,8 @@ class SafeBrowsingBlockingPageTest : public ChromeRenderViewHostTestHarness {
  private:
   void InitResource(security_interstitials::UnsafeResource* resource,
                     bool is_subresource,
-                    const GURL& url) {
+                    const GURL& url,
+                    SBThreatType type) {
     resource->callback =
         base::Bind(&SafeBrowsingBlockingPageTest::OnBlockingPageComplete,
                    base::Unretained(this));
@@ -353,7 +360,7 @@ class SafeBrowsingBlockingPageTest : public ChromeRenderViewHostTestHarness {
         content::BrowserThread::IO);
     resource->url = url;
     resource->is_subresource = is_subresource;
-    resource->threat_type = SB_THREAT_TYPE_URL_MALWARE;
+    resource->threat_type = type;
     resource->web_contents_getter =
         security_interstitials::UnsafeResource::GetWebContentsGetter(
             web_contents()->GetMainFrame()->GetProcess()->GetID(),
@@ -942,6 +949,53 @@ TEST_F(SafeBrowsingBlockingPageTest,
   ui_manager_->GetThreatDetails()->clear();
 }
 
+// Tests showing a blocking page for trick-to-bill.
+TEST_F(SafeBrowsingBlockingPageTest, TrickToBillPage) {
+  // Start a load.
+  controller().LoadURL(GURL(kBadURL), content::Referrer(),
+                       ui::PAGE_TRANSITION_TYPED, std::string());
+
+  // Simulate the load causing a safe browsing interstitial to be shown.
+  ShowInterstitial(false, kBadURL, SB_THREAT_TYPE_TRICK_TO_BILL);
+
+  SafeBrowsingBlockingPage* sb_interstitial = GetSafeBrowsingBlockingPage();
+  ASSERT_TRUE(sb_interstitial);
+
+  base::DictionaryValue load_time_data;
+  sb_interstitial->sb_error_ui()->PopulateStringsForHtml(&load_time_data);
+
+  base::string16 str;
+
+  load_time_data.GetString("heading", &str);
+  EXPECT_EQ(str, l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_HEADING));
+  load_time_data.GetString("primaryParagraph", &str);
+  EXPECT_EQ(str,
+            l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PRIMARY_PARAGRAPH));
+  load_time_data.GetString("primaryButtonText", &str);
+  EXPECT_EQ(str, l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PRIMARY_BUTTON));
+  load_time_data.GetString("proceedButtonText", &str);
+  EXPECT_EQ(str, l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PROCEED_BUTTON));
+
+  load_time_data.GetString("openDetails", &str);
+  EXPECT_EQ(str, base::string16());
+  load_time_data.GetString("closeDetails", &str);
+  EXPECT_EQ(str, base::string16());
+  load_time_data.GetString("explanationParagraph", &str);
+  EXPECT_EQ(str, base::string16());
+  load_time_data.GetString("finalParagraph", &str);
+  EXPECT_EQ(str, base::string16());
+
+  bool flag;
+  load_time_data.GetBoolean("trick_to_bill", &flag);
+  EXPECT_TRUE(flag);
+  load_time_data.GetBoolean("phishing", &flag);
+  EXPECT_FALSE(flag);
+  load_time_data.GetBoolean("overridable", &flag);
+  EXPECT_TRUE(flag);
+  load_time_data.GetBoolean("hide_primary_button", &flag);
+  EXPECT_FALSE(flag);
+}
+
 class SafeBrowsingBlockingQuietPageTest
     : public ChromeRenderViewHostTestHarness {
  public:

chrome/browser/ssl/security_state_tab_helper.cc

@@ -260,6 +260,9 @@ SecurityStateTabHelper::GetMaliciousContentStatus() const {
     switch (threat_type) {
       case safe_browsing::SB_THREAT_TYPE_UNUSED:
       case safe_browsing::SB_THREAT_TYPE_SAFE:
+      // TODO(https://crbug.com/867518): Create a malicious trick to bill enum
+      // and return it.
+      case safe_browsing::SB_THREAT_TYPE_TRICK_TO_BILL:
         break;
       case safe_browsing::SB_THREAT_TYPE_URL_PHISHING:
       case safe_browsing::SB_THREAT_TYPE_URL_CLIENT_SIDE_PHISHING:

chrome/browser/ui/webui/interstitials/interstitial_ui.cc

@@ -280,6 +280,8 @@ safe_browsing::SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage(
       threat_type = safe_browsing::SB_THREAT_TYPE_URL_CLIENT_SIDE_MALWARE;
     } else if (type_param == "clientside_phishing") {
       threat_type = safe_browsing::SB_THREAT_TYPE_URL_CLIENT_SIDE_PHISHING;
+    } else if (type_param == "trick_to_bill") {
+      threat_type = safe_browsing::SB_THREAT_TYPE_TRICK_TO_BILL;
     }
   }
   safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource;

chrome/browser/ui/webui/interstitials/interstitial_ui_browsertest.cc

@@ -125,6 +125,12 @@ IN_PROC_BROWSER_TEST_F(InterstitialUITest, ClientsidePhishingInterstitial) {
       "Security error");
 }
 
+IN_PROC_BROWSER_TEST_F(InterstitialUITest, TrickToBillInterstitial) {
+  TestInterstitial(
+      GURL("chrome://interstitials/safebrowsing?type=trick_to_bill"),
+      "Security error");
+}
+
 IN_PROC_BROWSER_TEST_F(InterstitialUITest, CaptivePortalInterstitial) {
   TestInterstitial(GURL("chrome://interstitials/captiveportal"),
                    "Connect to network");

components/safe_browsing/base_blocking_page.cc

@@ -239,6 +239,9 @@ std::string BaseBlockingPage::GetMetricPrefix(
       return primary_subresource ? "malware_subresource" : "malware";
     case BaseSafeBrowsingErrorUI::SB_REASON_HARMFUL:
       return primary_subresource ? "harmful_subresource" : "harmful";
+    case BaseSafeBrowsingErrorUI::SB_REASON_TRICK_TO_BILL:
+      return primary_subresource ? "trick_to_bill_subresource"
+                                 : "trick_to_bill";
     case BaseSafeBrowsingErrorUI::SB_REASON_PHISHING:
       ThreatPatternType threat_pattern_type =
           unsafe_resources[0].threat_metadata.threat_pattern_type;
@@ -291,10 +294,15 @@ BaseBlockingPage::GetInterstitialReason(
        iter != unsafe_resources.end(); ++iter) {
     const BaseUIManager::UnsafeResource& resource = *iter;
     safe_browsing::SBThreatType threat_type = resource.threat_type;
+    if (threat_type == SB_THREAT_TYPE_TRICK_TO_BILL)
+      return BaseSafeBrowsingErrorUI::SB_REASON_TRICK_TO_BILL;
+
     if (threat_type == SB_THREAT_TYPE_URL_MALWARE ||
         threat_type == SB_THREAT_TYPE_URL_CLIENT_SIDE_MALWARE) {
       return BaseSafeBrowsingErrorUI::SB_REASON_MALWARE;
-    } else if (threat_type == SB_THREAT_TYPE_URL_UNWANTED) {
+    }
+
+    if (threat_type == SB_THREAT_TYPE_URL_UNWANTED) {
       harmful = true;
     } else {
       DCHECK(threat_type == SB_THREAT_TYPE_URL_PHISHING ||

components/safe_browsing/db/v4_protocol_manager_util.h

@@ -140,6 +140,9 @@ enum SBThreatType {
 
   // Enterprise password reuse detected on low reputation page,
   SB_THREAT_TYPE_ENTERPRISE_PASSWORD_REUSE,
+
+  // Deceptive mobile billing practice detected.
+  SB_THREAT_TYPE_TRICK_TO_BILL,
 };
 
 using SBThreatTypeSet = base::flat_set<SBThreatType>;

components/security_interstitials/core/base_safe_browsing_error_ui.h

@@ -23,6 +23,7 @@ class BaseSafeBrowsingErrorUI {
     SB_REASON_MALWARE,
     SB_REASON_HARMFUL,
     SB_REASON_PHISHING,
+    SB_REASON_TRICK_TO_BILL,
   };
 
   struct SBErrorDisplayOptions {

components/security_interstitials/core/browser/resources/extended_reporting.js

@@ -26,9 +26,14 @@ function setupExtendedReportingCheckbox() {
   $('opt-in-checkbox').checked = loadTimeData.getBoolean(SB_BOX_CHECKED);
   $('extended-reporting-opt-in').classList.remove('hidden');
 
-  var className = interstitialType == 'SAFEBROWSING' ?
-                  'safe-browsing-opt-in' :
-                  'ssl-opt-in';
+  var trickToBill = interstitialType == 'SAFEBROWSING' &&
+                    loadTimeData.getBoolean('trick_to_bill');
+
+  var className = 'ssl-opt-in';
+  if (interstitialType == 'SAFEBROWSING' && !trickToBill) {
+    className = 'safe-browsing-opt-in';
+  }
+
   $('extended-reporting-opt-in').classList.add(className);
 
   $('body').classList.add('extended-reporting-has-checkbox');

components/security_interstitials/core/browser/resources/interstitial_large.html

@@ -47,6 +47,7 @@
     </div>
     <div class="nav-wrapper">
       <button id="primary-button">$i18n{primaryButtonText}</button>
+      <button id="proceed-button" class="small-link hidden"></button>
       <button id="details-button" class="small-link">
         $i18n{openDetails}
       </button>

components/security_interstitials/core/browser/resources/interstitial_large.js

@@ -68,6 +68,8 @@ function setupEvents() {
   var ssl = interstitialType == 'SSL';
   var captivePortal = interstitialType == 'CAPTIVE_PORTAL';
   var badClock = ssl && loadTimeData.getBoolean('bad_clock');
+  var trickToBill = interstitialType == 'SAFEBROWSING' &&
+                    loadTimeData.getBoolean('trick_to_bill');
   var hidePrimaryButton = loadTimeData.getBoolean('hide_primary_button');
   var showRecurrentErrorParagraph = loadTimeData.getBoolean(
     'show_recurrent_error_paragraph');
@@ -78,6 +80,8 @@ function setupEvents() {
     $('error-code').classList.remove(HIDDEN_CLASS);
   } else if (captivePortal) {
     $('body').classList.add('captive-portal');
+  } else if (trickToBill) {
+    $('body').classList.add('safe-browsing-trick-to-bill');
   } else {
     $('body').classList.add('safe-browsing');
     // Override the default theme color.
@@ -116,17 +120,23 @@ function setupEvents() {
   }
 
   if (overridable) {
+    var overrideElement = trickToBill ? 'proceed-button' : 'proceed-link';
     // Captive portal page isn't overridable.
-    $('proceed-link').addEventListener('click', function(event) {
+    $(overrideElement).addEventListener('click', function(event) {
       sendCommand(SecurityInterstitialCommandId.CMD_PROCEED);
     });
+
+    if (ssl) {
+      $(overrideElement).classList.add('small-link');
+    } else if (trickToBill) {
+      $(overrideElement).classList.remove(HIDDEN_CLASS);
+      $(overrideElement).textContent =
+          loadTimeData.getString('proceedButtonText');
+    }
   } else if (!ssl) {
     $('final-paragraph').classList.add(HIDDEN_CLASS);
   }
 
-  if (ssl && overridable) {
-    $('proceed-link').classList.add('small-link');
-  }
 
   if (!ssl || !showRecurrentErrorParagraph) {
     $('recurrent-error-message').classList.add(HIDDEN_CLASS);
@@ -146,8 +156,8 @@ function setupEvents() {
     });
   }
 
-  if (captivePortal) {
-    // Captive portal page doesn't have details button.
+  if (captivePortal || trickToBill) {
+    // Captive portal and trick-to-bill pages don't have details button.
     $('details-button').classList.add('hidden');
   } else {
     $('details-button').addEventListener('click', function(event) {

components/security_interstitials/core/browser/resources/interstitial_safebrowsing.css

@@ -42,4 +42,22 @@ body.safe-browsing {
     background: rgb(206, 52, 38);
     box-shadow: 0 -22px 40px rgb(206, 52, 38);
   }
-}
+}
\ No newline at end of file
+
+.safe-browsing-trick-to-bill .small-link {
+  background-color: white;
+  border:none;
+  float: none;
+}
+
+.safe-browsing-trick-to-bill .small-link:hover {
+  box-shadow: none;
+}
+
+.safe-browsing-trick-to-bill .icon {
+  background-image: -webkit-image-set(
+      url(images/1x/triangle_red.png) 1x,
+      url(images/2x/triangle_red.png) 2x);
+}
+
+

components/security_interstitials/core/browser/resources/list_of_interstitials.html

@@ -71,6 +71,9 @@
     <li>
       <a href="safebrowsing?type=clientside_phishing">Client Side Phishing</a>
     </li>
+    <li>
+      <a href="safebrowsing?type=trick_to_bill">Trick To Bill</a>
+    </li>
   </ul>
   <h4>Quiet (WebView)</h4>
   <ul>

components/security_interstitials/core/common/resources/interstitial_common.css

@@ -26,7 +26,8 @@ button {
 .neterror button,
 .offline button,
 .pdf button,
-.ssl button {
+.ssl button,
+.safe-browsing-trick-to-bill button {
   background: rgb(66, 133, 244);
 }
 

components/security_interstitials/core/safe_browsing_loud_error_ui.cc

@@ -93,6 +93,10 @@ void SafeBrowsingLoudErrorUI::PopulateStringsForHtml(
       "hide_primary_button",
       always_show_back_to_safety() ? false : !controller()->CanGoBack());
 
+  load_time_data->SetBoolean(
+      "trick_to_bill", interstitial_reason() ==
+                           BaseSafeBrowsingErrorUI::SB_REASON_TRICK_TO_BILL);
+
   switch (interstitial_reason()) {
     case BaseSafeBrowsingErrorUI::SB_REASON_MALWARE:
       PopulateMalwareLoadTimeData(load_time_data);
@@ -103,6 +107,9 @@ void SafeBrowsingLoudErrorUI::PopulateStringsForHtml(
     case BaseSafeBrowsingErrorUI::SB_REASON_PHISHING:
       PopulatePhishingLoadTimeData(load_time_data);
       break;
+    case BaseSafeBrowsingErrorUI::SB_REASON_TRICK_TO_BILL:
+      PopulateTrickToBillLoadTimeData(load_time_data);
+      break;
   }
 
   // Not used by this interstitial.
@@ -309,6 +316,31 @@ void SafeBrowsingLoudErrorUI::PopulateExtendedReportingOption(
                              is_extended_reporting_enabled());
 }
 
+void SafeBrowsingLoudErrorUI::PopulateTrickToBillLoadTimeData(
+    base::DictionaryValue* load_time_data) {
+  load_time_data->SetBoolean("phishing", false);
+  load_time_data->SetBoolean("overridable", true);
+  load_time_data->SetBoolean("hide_primary_button", false);
+
+  load_time_data->SetString(
+      "heading", l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_HEADING));
+  load_time_data->SetString(
+      "primaryParagraph",
+      l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PRIMARY_PARAGRAPH));
+
+  load_time_data->SetString(
+      "primaryButtonText",
+      l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PRIMARY_BUTTON));
+  load_time_data->SetString(
+      "proceedButtonText",
+      l10n_util::GetStringUTF16(IDS_TRICK_TO_BILL_PROCEED_BUTTON));
+
+  load_time_data->SetString("openDetails", "");
+  load_time_data->SetString("closeDetails", "");
+  load_time_data->SetString("explanationParagraph", "");
+  load_time_data->SetString("finalParagraph", "");
+}
+
 int SafeBrowsingLoudErrorUI::GetHTMLTemplateId() const {
   return IDR_SECURITY_INTERSTITIAL_HTML;
 };

components/security_interstitials/core/safe_browsing_loud_error_ui.h

@@ -47,6 +47,7 @@ class SafeBrowsingLoudErrorUI
   void PopulateMalwareLoadTimeData(base::DictionaryValue* load_time_data);
   void PopulateHarmfulLoadTimeData(base::DictionaryValue* load_time_data);
   void PopulatePhishingLoadTimeData(base::DictionaryValue* load_time_data);
+  void PopulateTrickToBillLoadTimeData(base::DictionaryValue* load_time_data);
 
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingLoudErrorUI);
 };

components/security_interstitials_strings.grdp

@@ -381,4 +381,18 @@
       </ol>
     </message>
   </if>
+
+  <!-- Trick to Bill interstitial -->
+  <message name="IDS_TRICK_TO_BILL_HEADING" desc="The large heading at the top of the trick to bill interstitial.">
+    The page ahead may try to charge you money
+  </message>
+  <message name="IDS_TRICK_TO_BILL_PRIMARY_PARAGRAPH" desc="The primary explanatory paragraph for the trick to bill interstitial.">
+    These charges could be one-time or recurring and may not be obvious.
+  </message>
+  <message name="IDS_TRICK_TO_BILL_PRIMARY_BUTTON" desc="The text for the trick to bill interstitial primary button.">
+    Go Back
+  </message>
+  <message name="IDS_TRICK_TO_BILL_PROCEED_BUTTON" desc="The text for the trick to bill interstitial proceed button.">
+    Proceed
+  </message>
 </grit-part>

components/security_interstitials_strings_grdp/IDS_TRICK_TO_BILL_HEADING.png.sha1

+daf13e4d1d9d61fd9c357af7b52e3fb52c02e7f8
\ No newline at end of file

components/security_interstitials_strings_grdp/IDS_TRICK_TO_BILL_PRIMARY_BUTTON.png.sha1

+daf13e4d1d9d61fd9c357af7b52e3fb52c02e7f8
\ No newline at end of file

components/security_interstitials_strings_grdp/IDS_TRICK_TO_BILL_PRIMARY_PARAGRAPH.png.sha1

+daf13e4d1d9d61fd9c357af7b52e3fb52c02e7f8
\ No newline at end of file

components/security_interstitials_strings_grdp/IDS_TRICK_TO_BILL_PROCEED_BUTTON.png.sha1

+daf13e4d1d9d61fd9c357af7b52e3fb52c02e7f8
\ No newline at end of file