Implement CanShowEnhancedProtectionMessage.

The goal is to replace the SBER checkbox with the enhanced protection
message. Enhanced protection message is shown when:
1 Not in incognito mode
2 kEnhancedProtectionMessageInInterstitials flag is enabled.
3 Safe Browsing pref is not managed by policies.
4 Enhanced protection is not already turned on.

Bug: 1130721
Change-Id: Ic7175c6210023ebe23e5cd7aedacadf39091528a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2430826
Commit-Queue: Xinghui Lu <xinghuilu@chromium.org>
Reviewed-by: Ali Juma <ajuma@chromium.org>
Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813990}

android_webview/browser/safe_browsing/aw_safe_browsing_blocking_page.cc

@@ -16,6 +16,7 @@
 #include "base/metrics/histogram_macros.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/content/browser/threat_details.h"
+#include "components/safe_browsing/core/common/safe_browsing_prefs.h"
 #include "components/safe_browsing/core/common/safebrowsing_constants.h"
 #include "components/safe_browsing/core/features.h"
 #include "components/safe_browsing/core/triggers/trigger_manager.h"
@@ -96,6 +97,8 @@ AwSafeBrowsingBlockingPage* AwSafeBrowsingBlockingPage::CreateBlockingPage(
   AwBrowserContext* browser_context =
       AwBrowserContext::FromWebContents(web_contents);
   PrefService* pref_service = browser_context->GetPrefService();
+  // TODO(crbug.com/1134678): Set is_enhanced_protection_message_enabled once
+  // enhanced protection is supported on aw.
   BaseSafeBrowsingErrorUI::SBErrorDisplayOptions display_options =
       BaseSafeBrowsingErrorUI::SBErrorDisplayOptions(
           IsMainPageLoadBlocked(unsafe_resources),
@@ -105,8 +108,10 @@ AwSafeBrowsingBlockingPage* AwSafeBrowsingBlockingPage::CreateBlockingPage(
           safe_browsing::IsExtendedReportingPolicyManaged(*pref_service),
           safe_browsing::IsEnhancedProtectionEnabled(*pref_service),
           pref_service->GetBoolean(::prefs::kSafeBrowsingProceedAnywayDisabled),
-          false,                    // should_open_links_in_new_tab
-          false,                    // always_show_back_to_safety
+          false,  // should_open_links_in_new_tab
+          false,  // always_show_back_to_safety
+          false,  // is_enhanced_protection_message_enabled
+          safe_browsing::IsSafeBrowsingPolicyManaged(*pref_service),
           "cpn_safe_browsing_wv");  // help_center_article_link
 
   ErrorUiType errorType =

chrome/browser/safe_browsing/safe_browsing_blocking_page.cc

@@ -84,7 +84,8 @@ class SafeBrowsingBlockingPageFactoryImpl
         IsEnhancedProtectionEnabled(*prefs), is_proceed_anyway_disabled,
         true,  // should_open_links_in_new_tab
         true,  // always_show_back_to_safety
-        kHelpCenterLink);
+        IsEnhancedProtectionMessageInInterstitialsEnabled(),
+        IsSafeBrowsingPolicyManaged(*prefs), kHelpCenterLink);
 
     return new SafeBrowsingBlockingPage(
         ui_manager, web_contents, main_frame_url, unsafe_resources,

chrome/browser/safe_browsing/safe_browsing_blocking_page_test.cc

@@ -29,6 +29,7 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/interstitials/security_interstitial_idn_test.h"
 #include "chrome/browser/password_manager/password_manager_test_base.h"
+#include "chrome/browser/policy/policy_test_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/renderer_context_menu/render_view_context_menu_test_util.h"
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
@@ -49,6 +50,9 @@
 #include "components/google/core/common/google_util.h"
 #include "components/omnibox/browser/omnibox_prefs.h"
 #include "components/permissions/permission_util.h"
+#include "components/policy/core/common/policy_map.h"
+#include "components/policy/core/common/policy_types.h"
+#include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing/content/browser/threat_details.h"
 #include "components/safe_browsing/content/common/safe_browsing.mojom.h"
@@ -114,6 +118,7 @@ const char kPageWithCrossOriginMaliciousIframe[] =
 const char kCrossOriginMaliciousIframeHost[] = "malware.test";
 const char kMaliciousIframe[] = "/safe_browsing/malware_iframe.html";
 const char kUnrelatedUrl[] = "https://www.google.com";
+const char kEnhancedProtectionUrl[] = "chrome://settings/security?q=enhanced";
 
 }  // namespace
 
@@ -173,7 +178,7 @@ Visibility GetVisibility(Browser* browser, const std::string& node_id) {
 bool Click(Browser* browser, const std::string& node_id) {
   DCHECK(node_id == "primary-button" || node_id == "proceed-link" ||
          node_id == "whitepaper-link" || node_id == "details-button" ||
-         node_id == "opt-in-checkbox")
+         node_id == "opt-in-checkbox" || node_id == "enhanced-protection-link")
       << "Unexpected node_id: " << node_id;
   content::RenderFrameHost* rfh = GetRenderFrameHost(browser);
   if (!rfh)
@@ -436,6 +441,8 @@ class TestSafeBrowsingBlockingPageFactory
         IsEnhancedProtectionEnabled(*prefs), is_proceed_anyway_disabled,
         true,  // should_open_links_in_new_tab
         always_show_back_to_safety_,
+        IsEnhancedProtectionMessageInInterstitialsEnabled(),
+        IsSafeBrowsingPolicyManaged(*prefs),
         "cpn_safe_browsing" /* help_center_article_link */);
     return new TestSafeBrowsingBlockingPage(
         delegate, web_contents, main_frame_url, unsafe_resources,
@@ -2604,4 +2611,142 @@ IN_PROC_BROWSER_TEST_P(
   EXPECT_TRUE(IsShowingInterstitial(contents));
 }
 
+class SafeBrowsingBlockingPageEnhancedProtectionMessageTest
+    : public policy::PolicyTest {
+ public:
+  SafeBrowsingBlockingPageEnhancedProtectionMessageTest() = default;
+
+  void SetUp() override {
+    scoped_feature_list_.InitAndEnableFeature(
+        safe_browsing::kEnhancedProtectionMessageInInterstitials);
+    InProcessBrowserTest::SetUp();
+  }
+
+  void SetUpOnMainThread() override {
+    host_resolver()->AddRule("*", "127.0.0.1");
+    content::SetupCrossSiteRedirector(embedded_test_server());
+    ASSERT_TRUE(embedded_test_server()->Start());
+  }
+
+  void CreatedBrowserMainParts(
+      content::BrowserMainParts* browser_main_parts) override {
+    // Test UI manager and test database manager should be set before
+    // the browser is started but after threads are created.
+    factory_.SetTestUIManager(new FakeSafeBrowsingUIManager());
+    factory_.SetTestDatabaseManager(new FakeSafeBrowsingDatabaseManager());
+    SafeBrowsingService::RegisterFactory(&factory_);
+    SafeBrowsingBlockingPage::RegisterFactory(&blocking_page_factory_);
+    ThreatDetails::RegisterFactory(&details_factory_);
+  }
+
+ protected:
+  void SetupWarningAndNavigateToURL(GURL url, Browser* browser) {
+    TestSafeBrowsingService* service = factory_.test_safe_browsing_service();
+    ASSERT_TRUE(service);
+
+    static_cast<FakeSafeBrowsingDatabaseManager*>(
+        service->database_manager().get())
+        ->SetURLThreatType(url, SB_THREAT_TYPE_URL_MALWARE);
+
+    ui_test_utils::NavigateToURL(browser, url);
+    EXPECT_TRUE(WaitForReady(browser));
+  }
+
+ private:
+  TestSafeBrowsingServiceFactory factory_;
+  TestSafeBrowsingBlockingPageFactory blocking_page_factory_;
+  TestThreatDetailsFactory details_factory_;
+  base::test::ScopedFeatureList scoped_feature_list_;
+
+  DISALLOW_COPY_AND_ASSIGN(
+      SafeBrowsingBlockingPageEnhancedProtectionMessageTest);
+};
+
+IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest,
+                       VerifyEnhancedProtectionMessageShownAndClicked) {
+  safe_browsing::SetExtendedReportingPrefForTests(
+      browser()->profile()->GetPrefs(), true);
+  safe_browsing::SetSafeBrowsingState(
+      browser()->profile()->GetPrefs(),
+      safe_browsing::SafeBrowsingState::STANDARD_PROTECTION);
+  SetupWarningAndNavigateToURL(embedded_test_server()->GetURL("/empty.html"),
+                               browser());
+
+  // Check SBER opt in is not shown.
+  EXPECT_EQ(HIDDEN, ::safe_browsing::GetVisibility(
+                        browser(), "extended-reporting-opt-in"));
+  // Check enhanced protection message is shown.
+  EXPECT_EQ(VISIBLE, ::safe_browsing::GetVisibility(
+                         browser(), "enhanced-protection-message"));
+  WebContents* interstitial_tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(interstitial_tab);
+  ASSERT_TRUE(IsShowingInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents()));
+
+  content::TestNavigationObserver nav_observer(nullptr);
+  nav_observer.StartWatchingNewWebContents();
+  // Click the enhanced protection link.
+  EXPECT_TRUE(Click(browser(), "enhanced-protection-link"));
+
+  nav_observer.Wait();
+
+  // There are two tabs open.
+  EXPECT_EQ(2, browser()->tab_strip_model()->count());
+  // The second tab is visible.
+  EXPECT_EQ(1, browser()->tab_strip_model()->active_index());
+
+  // Assert the interstitial is not present in the foreground tab.
+  ASSERT_FALSE(IsShowingInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents()));
+
+  // Foreground tab displays the setting page.
+  WebContents* new_tab = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(new_tab);
+  EXPECT_EQ(GURL(kEnhancedProtectionUrl), new_tab->GetURL());
+
+  // Interstitial should still display in the background tab.
+  browser()->tab_strip_model()->ActivateTabAt(
+      0, {TabStripModel::GestureType::kOther});
+  EXPECT_EQ(0, browser()->tab_strip_model()->active_index());
+  EXPECT_EQ(interstitial_tab,
+            browser()->tab_strip_model()->GetActiveWebContents());
+  EXPECT_TRUE(IsShowingInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents()));
+}
+
+IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest,
+                       VerifyEnhancedProtectionMessageNotShownAlreadyInEp) {
+  safe_browsing::SetExtendedReportingPrefForTests(
+      browser()->profile()->GetPrefs(), true);
+  safe_browsing::SetSafeBrowsingState(
+      browser()->profile()->GetPrefs(),
+      safe_browsing::SafeBrowsingState::ENHANCED_PROTECTION);
+  SetupWarningAndNavigateToURL(embedded_test_server()->GetURL("/empty.html"),
+                               browser());
+  EXPECT_TRUE(IsShowingInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents()));
+  // Check enhanced protection message is not shown.
+  EXPECT_EQ(HIDDEN, ::safe_browsing::GetVisibility(
+                        browser(), "enhanced-protection-message"));
+}
+
+IN_PROC_BROWSER_TEST_F(SafeBrowsingBlockingPageEnhancedProtectionMessageTest,
+                       VerifyEnhancedProtectionMessageNotShownManaged) {
+  policy::PolicyMap policies;
+  policies.Set(policy::key::kSafeBrowsingProtectionLevel,
+               policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
+               policy::POLICY_SOURCE_CLOUD,
+               base::Value(/* standard protection */ 1), nullptr);
+  UpdateProviderPolicy(policies);
+  SetupWarningAndNavigateToURL(embedded_test_server()->GetURL("/empty.html"),
+                               browser());
+
+  EXPECT_TRUE(IsShowingInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents()));
+  // Check enhanced protection message is not shown.
+  EXPECT_EQ(HIDDEN, ::safe_browsing::GetVisibility(
+                        browser(), "enhanced-protection-message"));
+}
+
 }  // namespace safe_browsing

chrome/browser/safe_browsing/ui_manager_unittest.cc

@@ -453,6 +453,8 @@ class TestSafeBrowsingBlockingPage : public SafeBrowsingBlockingPage {
                 false,                 // is_proceed_anyway_disabled
                 true,                  // should_open_links_in_new_tab
                 true,                  // always_show_back_to_safety
+                false,                 // is_enhanced_protection_message_enabled
+                false,                 // is_safe_browsing_managed
                 "cpn_safe_browsing"),  // help_center_article_link
             true) {                    // should_trigger_reporting
     // Don't delay details at all for the unittest.

chrome/browser/ssl/ssl_browsertest.cc

@@ -91,6 +91,7 @@
 #include "components/policy/policy_constants.h"
 #include "components/prefs/testing_pref_service.h"
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
+#include "components/safe_browsing/core/features.h"
 #include "components/security_interstitials/content/bad_clock_blocking_page.h"
 #include "components/security_interstitials/content/captive_portal_blocking_page.h"
 #include "components/security_interstitials/content/cert_report_helper.h"
@@ -8267,6 +8268,76 @@ IN_PROC_BROWSER_TEST_F(SSLUIAutoReloadTest, AutoReloadDisabled) {
   EXPECT_EQ(base::nullopt, timer);
 }
 
+class SSLUITestWithEnhancedProtectionMessage : public SSLUITest {
+ public:
+  SSLUITestWithEnhancedProtectionMessage() {
+    feature_list_.InitAndEnableFeature(
+        safe_browsing::kEnhancedProtectionMessageInInterstitials);
+  }
+
+ private:
+  base::test::ScopedFeatureList feature_list_;
+};
+
+IN_PROC_BROWSER_TEST_F(SSLUITestWithEnhancedProtectionMessage,
+                       VerifyEnhancedProtectionMessageShown) {
+  safe_browsing::SetExtendedReportingPrefForTests(
+      browser()->profile()->GetPrefs(), true);
+  safe_browsing::SetSafeBrowsingState(
+      browser()->profile()->GetPrefs(),
+      safe_browsing::SafeBrowsingState::STANDARD_PROTECTION);
+  ASSERT_TRUE(https_server_expired_.Start());
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
+  WaitForInterstitial(contents);
+  ASSERT_TRUE(chrome_browser_interstitials::IsShowingSSLInterstitial(contents));
+  ExpectInterstitialElementHidden(contents, "extended-reporting-opt-in",
+                                  true /* expect_hidden */);
+  ExpectInterstitialElementHidden(contents, "enhanced-protection-message",
+                                  false /* expect_hidden */);
+}
+
+IN_PROC_BROWSER_TEST_F(SSLUITestWithEnhancedProtectionMessage,
+                       VerifyEnhancedProtectionMessageNotShownAlreadyInEp) {
+  safe_browsing::SetExtendedReportingPrefForTests(
+      browser()->profile()->GetPrefs(), true);
+  safe_browsing::SetSafeBrowsingState(
+      browser()->profile()->GetPrefs(),
+      safe_browsing::SafeBrowsingState::ENHANCED_PROTECTION);
+  ASSERT_TRUE(https_server_expired_.Start());
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
+  WaitForInterstitial(contents);
+  ASSERT_TRUE(chrome_browser_interstitials::IsShowingSSLInterstitial(contents));
+  ExpectInterstitialElementHidden(contents, "extended-reporting-opt-in",
+                                  true /* expect_hidden */);
+  ExpectInterstitialElementHidden(contents, "enhanced-protection-message",
+                                  true /* expect_hidden */);
+}
+
+IN_PROC_BROWSER_TEST_F(SSLUITestWithEnhancedProtectionMessage,
+                       VerifyEnhancedProtectionMessageNotShownManaged) {
+  policy::PolicyMap policies;
+  policies.Set(policy::key::kSafeBrowsingProtectionLevel,
+               policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
+               policy::POLICY_SOURCE_CLOUD,
+               base::Value(/* standard protection */ 1), nullptr);
+  UpdateChromePolicy(policies);
+  ASSERT_TRUE(https_server_expired_.Start());
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ASSERT_TRUE(contents);
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_expired_.GetURL("/ssl/google.html"));
+  WaitForInterstitial(contents);
+  ASSERT_TRUE(chrome_browser_interstitials::IsShowingSSLInterstitial(contents));
+  ExpectInterstitialElementHidden(contents, "enhanced-protection-message",
+                                  true /* expect_hidden */);
+}
+
 // TODO(jcampan): more tests to do below.
 
 // Visit a page over https that contains a frame with a redirect.

components/safe_browsing/content/base_blocking_page.cc

@@ -86,6 +86,8 @@ BaseBlockingPage::CreateDefaultDisplayOptions(
       false,                 // kSafeBrowsingProceedAnywayDisabled
       false,                 // should_open_links_in_new_tab
       true,                  // always_show_back_to_safety
+      false,                 // is_enhanced_protection_message_enabled
+      false,                 // is_safe_browsing_managed
       "cpn_safe_browsing");  // help_center_article_link
 }
 

components/safe_browsing/core/common/safe_browsing_prefs.cc

@@ -186,6 +186,11 @@ bool IsSafeBrowsingPolicyManaged(const PrefService& prefs) {
          prefs.IsManagedPreference(prefs::kSafeBrowsingEnhanced);
 }
 
+bool IsEnhancedProtectionMessageInInterstitialsEnabled() {
+  return base::FeatureList::IsEnabled(
+      kEnhancedProtectionMessageInInterstitials);
+}
+
 void RecordExtendedReportingMetrics(const PrefService& prefs) {
   // This metric tracks the extended browsing opt-in based on whichever setting
   // the user is currently seeing. It tells us whether extended reporting is

components/safe_browsing/core/common/safe_browsing_prefs.h

@@ -296,6 +296,9 @@ bool IsExtendedReportingPolicyManaged(const PrefService& prefs);
 // SafeBrowsingProtectionLevel policy(new).
 bool IsSafeBrowsingPolicyManaged(const PrefService& prefs);
 
+// Returns whether enhanced protection message is enabled in interstitials.
+bool IsEnhancedProtectionMessageInInterstitialsEnabled();
+
 // Updates UMA metrics about Safe Browsing Extended Reporting states.
 void RecordExtendedReportingMetrics(const PrefService& prefs);
 

components/safe_browsing/core/triggers/trigger_manager.cc

@@ -91,6 +91,8 @@ SBErrorOptions TriggerManager::GetSBErrorDisplayOptions(
                         /*is_proceed_anyway_disabled=*/false,
                         /*should_open_links_in_new_tab=*/false,
                         /*show_back_to_safety_button=*/true,
+                        IsEnhancedProtectionMessageInInterstitialsEnabled(),
+                        IsSafeBrowsingPolicyManaged(pref_service),
                         /*help_center_article_link=*/std::string());
 }
 

components/security_interstitials/content/cert_report_helper.cc

@@ -192,9 +192,33 @@ bool CertReportHelper::ShouldShowCertificateReporterCheckbox() {
 }
 
 bool CertReportHelper::ShouldShowEnhancedProtectionMessage() {
-  // TODO(crbug.com/1130721): Check feature flag, check ep not managed, check
-  // not already in ep. Check not in incognito.
-  return false;
+  // Only show the enhanced protection message iff the user is part of the
+  // respective Finch group and the window is not incognito and Safe Browsing is
+  // not managed by policy and the user is not already in enhanced protection
+  // mode.
+  const bool in_incognito =
+      web_contents_->GetBrowserContext()->IsOffTheRecord();
+  const PrefService* pref_service = GetPrefs(web_contents_);
+  bool is_enhanced_protection_enabled =
+      safe_browsing::IsEnhancedProtectionEnabled(*pref_service);
+  bool is_safe_browsing_managed =
+      safe_browsing::IsSafeBrowsingPolicyManaged(*pref_service);
+  bool is_enhanced_protection_message_enabled =
+      safe_browsing::IsEnhancedProtectionMessageInInterstitialsEnabled();
+
+  if (in_incognito) {
+    return false;
+  }
+  if (is_enhanced_protection_enabled) {
+    return false;
+  }
+  if (is_safe_browsing_managed) {
+    return false;
+  }
+  if (!is_enhanced_protection_message_enabled) {
+    return false;
+  }
+  return true;
 }
 
 bool CertReportHelper::ShouldReportCertificateError() {

components/security_interstitials/core/base_safe_browsing_error_ui.cc

@@ -34,6 +34,8 @@ BaseSafeBrowsingErrorUI::SBErrorDisplayOptions::SBErrorDisplayOptions(
     bool is_proceed_anyway_disabled,
     bool should_open_links_in_new_tab,
     bool always_show_back_to_safety,
+    bool is_enhanced_protection_message_enabled,
+    bool is_safe_browsing_managed,
     const std::string& help_center_article_link)
     : is_main_frame_load_blocked(is_main_frame_load_blocked),
       is_extended_reporting_opt_in_allowed(
@@ -46,6 +48,9 @@ BaseSafeBrowsingErrorUI::SBErrorDisplayOptions::SBErrorDisplayOptions(
       is_proceed_anyway_disabled(is_proceed_anyway_disabled),
       should_open_links_in_new_tab(should_open_links_in_new_tab),
       always_show_back_to_safety(always_show_back_to_safety),
+      is_enhanced_protection_message_enabled(
+          is_enhanced_protection_message_enabled),
+      is_safe_browsing_managed(is_safe_browsing_managed),
       help_center_article_link(help_center_article_link) {}
 
 BaseSafeBrowsingErrorUI::SBErrorDisplayOptions::SBErrorDisplayOptions(
@@ -61,6 +66,9 @@ BaseSafeBrowsingErrorUI::SBErrorDisplayOptions::SBErrorDisplayOptions(
       is_proceed_anyway_disabled(other.is_proceed_anyway_disabled),
       should_open_links_in_new_tab(other.should_open_links_in_new_tab),
       always_show_back_to_safety(other.always_show_back_to_safety),
+      is_enhanced_protection_message_enabled(
+          other.is_enhanced_protection_message_enabled),
+      is_safe_browsing_managed(other.is_safe_browsing_managed),
       help_center_article_link(other.help_center_article_link) {}
 
 }  // security_interstitials

components/security_interstitials/core/base_safe_browsing_error_ui.h

@@ -36,6 +36,8 @@ class BaseSafeBrowsingErrorUI {
                           bool is_proceed_anyway_disabled,
                           bool should_open_links_in_new_tab,
                           bool always_show_back_to_safety,
+                          bool is_enhanced_protection_message_enabled,
+                          bool is_safe_browsing_managed,
                           const std::string& help_center_article_link);
 
     SBErrorDisplayOptions(const SBErrorDisplayOptions& other);
@@ -71,6 +73,13 @@ class BaseSafeBrowsingErrorUI {
     // always set this option to true,
     bool always_show_back_to_safety;
 
+    // Indicates if the feature to show enhanced protection message on the
+    // interstitial is enabled.
+    bool is_enhanced_protection_message_enabled;
+
+    // Indicates if Safe Browsing is managed.
+    bool is_safe_browsing_managed;
+
     // The p= query parameter used when visiting the Help Center. If this is
     // nullptr, then a default value will be used for the SafeBrowsing article.
     std::string help_center_article_link;
@@ -128,6 +137,14 @@ class BaseSafeBrowsingErrorUI {
     return display_options_.help_center_article_link;
   }
 
+  bool is_enhanced_protection_message_enabled() const {
+    return display_options_.is_enhanced_protection_message_enabled;
+  }
+
+  bool is_safe_browsing_managed() const {
+    return display_options_.is_safe_browsing_managed;
+  }
+
   const SBErrorDisplayOptions& get_error_display_options() const {
     return display_options_;
   }
@@ -144,10 +161,16 @@ class BaseSafeBrowsingErrorUI {
            !is_enhanced_protection_enabled();
   }
 
+  // Checks if we should even show the enhanced protection message.
+  // We don't show it:
+  // - in incognito mode, OR
+  // - if kEnhancedProtectionMessageInInterstitials flag is disabled, OR
+  // - if kSafeBrowsingEnabled or kSafeBrowsingEnhanced is managed by enterprise
+  // policy, OR
+  // - if enhanced protection is on
   bool CanShowEnhancedProtectionMessage() {
-    // TODO(crbug.com/1130721): Check feature flag, check ep not managed, check
-    // not already in ep. Check not in incognito.
-    return false;
+    return !is_off_the_record() && is_enhanced_protection_message_enabled() &&
+           !is_safe_browsing_managed() && !is_enhanced_protection_enabled();
   }
 
   SBInterstitialReason interstitial_reason() const {

ios/chrome/browser/safe_browsing/safe_browsing_blocking_page.mm

@@ -64,7 +64,9 @@ BaseSafeBrowsingErrorUI::SBErrorDisplayOptions GetDefaultDisplayOptions(
       /*is_enhanced_protection_enabled=*/false,
       prefs->GetBoolean(prefs::kSafeBrowsingProceedAnywayDisabled),
       /*should_open_links_in_new_tab=*/false,
-      /*always_show_back_to_safety=*/true, "cpn_safe_browsing");
+      /*always_show_back_to_safety=*/true,
+      /*is_enhanced_protection_message_enabled=*/false,
+      /*is_safe_browsing_managed=*/false, "cpn_safe_browsing");
 }
 }  // namespace