Settings: Add a "disable safebrowsing" confirmation dialog

Add a dialog to confrim a user want to disable safebrowsing

Bug: 1067288, 1032584
Change-Id: Iddd781a3f369f5ee6359afb94ac18230b231a388
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2137404
Commit-Queue: Sean Harrison <harrisonsean@chromium.org>
Reviewed-by: dpapad <dpapad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#758014}

chrome/app/settings_strings.grdp

@@ -1174,6 +1174,15 @@
   <message name="IDS_SETTINGS_SAFEBROWSING_NONE_DESC" desc="Description for safe browsing no protection mode">
     Does not protect you against dangerous websites, downloads, and extensions. You’ll still get Safe Browsing protection, where available, in other Google services, like Gmail and Search.
   </message>
+  <message name="IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_TITLE" desc="Title for the confirmation dialog to turn off SafeBrowsing">
+    Turn off Safe Browsing?
+  </message>
+  <message name="IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_DESC" desc="Description for the confirmation dialog to turn off SafeBrowsing">
+    Safe Browsing protects you against attackers who may trick you into doing something dangerous like installing malicious software or revealing personal information like passwords, phone numbers, or credit cards. If you turn it off, be careful when browsing unfamiliar or unreputable sites.
+  </message>
+  <message name="IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_CONFIRM" desc="Title for the confirmation dialog to turn off SafeBrowsing">
+    Turn off
+  </message>
   <message name="IDS_SETTINGS_ENABLE_DO_NOT_TRACK" desc="The label of the checkbox to enable/disable sending the 'Do Not track' header">
     Send a "Do Not Track" request with your browsing traffic
   </message>

chrome/browser/resources/settings/privacy_page/BUILD.gn

@@ -11,6 +11,7 @@ js_type_check("closure_compile") {
   deps = [
     ":collapse_radio_button",
     ":cookies_page",
+    ":disable_safebrowsing_dialog",
     ":do_not_track_toggle",
     ":passwords_leak_detection_toggle",
     ":personalization_options",
@@ -50,6 +51,10 @@ js_library("cookies_page") {
   ]
 }
 
+js_library("disable_safebrowsing_dialog") {
+  deps = [ "//ui/webui/resources/cr_elements/cr_dialog:cr_dialog" ]
+}
+
 js_library("do_not_track_toggle") {
   deps = [
     "..:metrics_browser_proxy",
@@ -198,6 +203,7 @@ js_library("security_keys_bio_enroll_dialog") {
 
 js_library("security_page") {
   deps = [
+    ":disable_safebrowsing_dialog",
     ":privacy_page_browser_proxy",
     ":safe_browsing_browser_proxy",
     "..:metrics_browser_proxy",
@@ -217,6 +223,7 @@ js_type_check("closure_compile_module") {
   deps = [
     ":collapse_radio_button.m",
     ":cookies_page.m",
+    ":disable_safebrowsing_dialog.m",
     ":do_not_track_toggle.m",
     ":passwords_leak_detection_toggle.m",
     ":personalization_options.m",
@@ -283,6 +290,15 @@ js_library("secure_dns_input.m") {
   extra_deps = [ ":secure_dns_input_module" ]
 }
 
+js_library("disable_safebrowsing_dialog.m") {
+  sources = [ "$root_gen_dir/chrome/browser/resources/settings/privacy_page/disable_safebrowsing_dialog.m.js" ]
+  deps = [
+    "//third_party/polymer/v3_0/components-chromium/polymer:polymer_bundled",
+    "//ui/webui/resources/cr_elements/cr_dialog:cr_dialog.m",
+  ]
+  extra_deps = [ ":disable_safebrowsing_dialog_module" ]
+}
+
 js_library("do_not_track_toggle.m") {
   sources = [ "$root_gen_dir/chrome/browser/resources/settings/privacy_page/do_not_track_toggle.m.js" ]
   deps = [
@@ -358,7 +374,8 @@ js_library("safe_browsing_browser_proxy.m") {
   sources = [ "$root_gen_dir/chrome/browser/resources/settings/privacy_page/safe_browsing_browser_proxy.m.js" ]
   deps = [
     "../site_settings:site_settings_prefs_browser_proxy.m",
-  "//ui/webui/resources/js:cr.m" ]
+    "//ui/webui/resources/js:cr.m",
+  ]
   extra_deps = [ ":modulize" ]
 }
 
@@ -440,6 +457,7 @@ js_library("security_keys_subpage.m") {
 js_library("security_page.m") {
   sources = [ "$root_gen_dir/chrome/browser/resources/settings/privacy_page/security_page.m.js" ]
   deps = [
+    ":disable_safebrowsing_dialog.m",
     ":privacy_page_browser_proxy.m",
     ":safe_browsing_browser_proxy.m",
     "..:i18n_setup.m",
@@ -459,6 +477,7 @@ group("polymer3_elements") {
   public_deps = [
     ":collapse_radio_button_module",
     ":cookies_page_module",
+    ":disable_safebrowsing_dialog_module",
     ":do_not_track_toggle_module",
     ":modulize",
     ":passwords_leak_detection_toggle_module",
@@ -502,6 +521,14 @@ polymer_modulizer("collapse_radio_button") {
                  ]
 }
 
+polymer_modulizer("disable_safebrowsing_dialog") {
+  js_file = "disable_safebrowsing_dialog.js"
+  html_file = "disable_safebrowsing_dialog.html"
+  html_type = "dom-module"
+  namespace_rewrites = settings_namespace_rewrites
+  auto_imports = settings_auto_imports
+}
+
 polymer_modulizer("secure_dns") {
   js_file = "secure_dns.js"
   html_file = "secure_dns.html"

chrome/browser/resources/settings/privacy_page/disable_safebrowsing_dialog.html

+<link rel="import" href="chrome://resources/html/polymer.html">
+
+<link rel="import" href="chrome://resources/cr_elements/cr_button/cr_button.html">
+<link rel="import" href="chrome://resources/cr_elements/cr_dialog/cr_dialog.html">
+
+<dom-module id="settings-disable-safebrowsing-dialog">
+  <template>
+    <cr-dialog id="dialog" close-text="$i18n{close}">
+      <div slot="title">$i18n{safeBrowsingDisableDialog}</div>
+      <div slot="body">$i18n{safeBrowsingDisableDialogDesc}</div>
+      <div slot="button-container">
+        <cr-button class="cancel-button" on-click="onDialogCancel_">
+          $i18n{cancel}
+        </cr-button>
+        <cr-button class="action-button" on-click="onDialogConfirm_">
+          $i18n{safeBrowsingDisableDialogConfrim}
+        </cr-button>
+      </div>
+    </cr-dialog>
+  </template>
+  <script src="disable_safebrowsing_dialog.js"></script>
+</dom-module>

chrome/browser/resources/settings/privacy_page/disable_safebrowsing_dialog.js

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+/**
+ * @fileoverview
+ * 'disable-safebrowsing-dialog' makes sure users want to disable safebrowsing.
+ */
+Polymer({
+  is: 'settings-disable-safebrowsing-dialog',
+
+  /** @override */
+  attached() {
+    this.$.dialog.showModal();
+  },
+
+  /** @return {boolean} Whether the user confirmed the dialog. */
+  wasConfirmed() {
+    return /** @type {!CrDialogElement} */ (this.$.dialog)
+               .getNative()
+               .returnValue == 'success';
+  },
+
+  /** @private */
+  onDialogCancel_() {
+    this.$.dialog.cancel();
+  },
+
+  /** @private */
+  onDialogConfirm_() {
+    this.$.dialog.close();
+  },
+});

chrome/browser/resources/settings/privacy_page/security_page.html

@@ -7,6 +7,7 @@
 <link rel="import" href="chrome://resources/html/assert.html">
 <link rel="import" href="chrome://resources/html/cr/ui/focus_without_ink.html">
 <link rel="import" href="collapse_radio_button.html">
+<link rel="import" href="disable_safebrowsing_dialog.html">
 <link rel="import" href="passwords_leak_detection_toggle.html">
 <link rel="import" href="privacy_page_browser_proxy.html">
 <link rel="import" href="safe_browsing_browser_proxy.html">
@@ -202,7 +203,13 @@
         label="$i18n{advancedProtectionProgramTitle}"
         sub-label="$i18n{advancedProtectionProgramDesc}"
         on-click="onAdvancedProtectionProgramLinkClick_"
-            external></cr-link-row>
+        external>
+    </cr-link-row>
+    <template is="dom-if" if="[[showDisableSafebrowsingDialog_]]" restamp>
+      <settings-disable-safebrowsing-dialog prefs="{{prefs}}"
+          on-close="onDisableSafebrowsingDialogClose_">
+      </settings-disable-safebrowsing-dialog>
+    </template>
   </template>
   <script src="security_page.js"></script>
 </dom-module>

chrome/browser/resources/settings/privacy_page/security_page.js

@@ -76,6 +76,9 @@ Polymer({
       type: Object,
       observer: 'focusConfigChanged_',
     },
+
+    /** @private */
+    showDisableSafebrowsingDialog_: Boolean,
   },
 
   observers: [
@@ -147,8 +150,7 @@ Polymer({
       this.setPrefValue('safebrowsing.enabled', true);
       this.setPrefValue('safebrowsing.enhanced', false);
     } else {  // disabled state
-      this.setPrefValue('safebrowsing.enabled', false);
-      this.setPrefValue('safebrowsing.enhanced', false);
+      this.showDisableSafebrowsingDialog_ = true;
     }
   },
 
@@ -190,5 +192,29 @@ Polymer({
   onSecurityKeysClick_() {
     settings.Router.getInstance().navigateTo(settings.routes.SECURITY_KEYS);
   },
+
+  /**
+   * Handles the closure of the disable safebrowsing dialog, reselects the
+   * appropriate radio button if the user cancels the dialog, and puts focus on
+   * the disable safebrowsing button.
+   * @private
+   */
+  onDisableSafebrowsingDialogClose_() {
+    // Check if the dialog was confirmed before closing it.
+    if (/** @type {!SettingsDisableSafebrowsingDialogElement} */
+        (this.$$('settings-disable-safebrowsing-dialog')).wasConfirmed()) {
+      this.setPrefValue('safebrowsing.enabled', false);
+      this.setPrefValue('safebrowsing.enhanced', false);
+    }
+
+    this.showDisableSafebrowsingDialog_ = false;
+
+    // Have the correct radio button highlighted.
+    this.$.safeBrowsingRadio.selected = this.selectSafeBrowsingRadio_;
+
+    // Set focus back to the no protection button regardless of user interaction
+    // with the dialog, as it was the entry point to the dialog.
+    cr.ui.focusWithoutInk(assert(this.$.safeBrowsingDisabled));
+  },
 });
 })();

chrome/browser/resources/settings/settings_resources.grd

@@ -932,6 +932,12 @@
                  file="privacy_page/security_page.js"
                  type="chrome_html"
                  preprocess="true" />
+      <structure name="IDR_SETTINGS_DISABLE_SAFEBROWSING_DIALOG_HTML"
+                 file="privacy_page/disable_safebrowsing_dialog.html"
+                 type="chrome_html" />
+      <structure name="IDR_SETTINGS_DISABLE_SAFEBROWSING_DIALOG_JS"
+                 file="privacy_page/disable_safebrowsing_dialog.js"
+                 type="chrome_html" />
       <structure name="IDR_SETTINGS_PRIVACY_PAGE_HTML"
                  file="privacy_page/privacy_page.html"
                  preprocess="true"

chrome/browser/resources/settings/settings_resources_v3.grdp

@@ -504,6 +504,10 @@
            use_base_dir="false"
            preprocess="true"
            type="BINDATA" />
+  <include name="IDR_SETTINGS_PRIVACY_PAGE_DISABLE_SAFEBROWSING_DIALOG_M_JS"
+           file="${root_gen_dir}/chrome/browser/resources/settings/privacy_page/disable_safebrowsing_dialog.m.js"
+           use_base_dir="false"
+           type="BINDATA" />
   <include name="IDR_SETTINGS_PRIVACY_PAGE_SECURITY_KEYS_BIO_ENROLL_DIALOG_M_JS"
            file="${root_gen_dir}/chrome/browser/resources/settings/privacy_page/security_keys_bio_enroll_dialog.m.js"
            use_base_dir="false"

chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc

@@ -1176,6 +1176,12 @@ void AddPrivacyStrings(content::WebUIDataSource* html_source,
        IDS_SETTINGS_SAFEBROWSING_STANDARD_HELP_IMPROVE},
       {"safeBrowsingNone", IDS_SETTINGS_SAFEBROWSING_NONE},
       {"safeBrowsingNoneDesc", IDS_SETTINGS_SAFEBROWSING_NONE_DESC},
+      {"safeBrowsingDisableDialog",
+       IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_TITLE},
+      {"safeBrowsingDisableDialogDesc",
+       IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_DESC},
+      {"safeBrowsingDisableDialogConfrim",
+       IDS_SETTINGS_SAFEBROWSING_DISABLE_DIALOG_CONFIRM},
       {"safeBrowsingEnableProtection",
        IDS_SETTINGS_SAFEBROWSING_ENABLEPROTECTION},
       {"safeBrowsingEnableProtectionDesc",

chrome/test/data/webui/settings/cr_settings_browsertest.js

@@ -1559,6 +1559,7 @@ CrSettingsSecurityPageTest.prototype = {
   /** @override */
   extraLibraries: CrSettingsBrowserTest.prototype.extraLibraries.concat([
     '../test_browser_proxy.js',
+    '../test_util.js',
     'test_safe_browsing_browser_proxy.js',
     'test_sync_browser_proxy.js',
     'test_privacy_page_browser_proxy.js',

chrome/test/data/webui/settings/security_page_test.js

@@ -5,6 +5,7 @@
 // clang-format off
 // #import {SafeBrowsingBrowserProxyImpl} from 'chrome://settings/lazy_load.js';
 // #import {flush} from 'chrome://resources/polymer/v3_0/polymer/polymer_bundled.min.js';
+// #import {flushTasks} from 'chrome://test/test_util.m.js';
 // #import {PrivacyPageBrowserProxyImpl, SyncBrowserProxyImpl, MetricsBrowserProxyImpl, PrivacyElementInteractions} from 'chrome://settings/settings.js';
 // #import {TestMetricsBrowserProxy} from 'chrome://test/settings/test_metrics_browser_proxy.m.js';
 // #import {TestSyncBrowserProxy} from 'chrome://test/settings/test_sync_browser_proxy.m.js';
@@ -106,6 +107,81 @@ suite('CrSettingsSecurityPageTest', function() {
     assertTrue(safeBrowsingReportingToggle.checked);
   });
 
+  test('DisableSafebrowsingDialog_Confirm', async function() {
+    page.$$('#safeBrowsingStandard').click();
+    Polymer.dom.flush();
+
+    page.$$('#safeBrowsingDisabled').click();
+    Polymer.dom.flush();
+
+    page.$$('settings-disable-safebrowsing-dialog')
+        .$$('.action-button')
+        .click();
+    Polymer.dom.flush();
+
+    // Wait for onDisableSafebrowsingDialogClose_ to finish.
+    await test_util.flushTasks();
+
+    assertEquals(null, page.$$('settings-disable-safebrowsing-dialog'));
+
+    assertFalse(page.$$('#safeBrowsingEnhanced').checked);
+    assertFalse(page.$$('#safeBrowsingStandard').checked);
+    assertTrue(page.$$('#safeBrowsingDisabled').checked);
+
+    assertFalse(page.prefs.safebrowsing.enabled.value);
+    assertFalse(page.prefs.safebrowsing.enhanced.value);
+  });
+
+  test('DisableSafebrowsingDialog_CancelFromEnhanced', async function() {
+    page.$$('#safeBrowsingEnhanced').click();
+    Polymer.dom.flush();
+
+    page.$$('#safeBrowsingDisabled').click();
+    Polymer.dom.flush();
+
+    page.$$('settings-disable-safebrowsing-dialog')
+        .$$('.cancel-button')
+        .click();
+    Polymer.dom.flush();
+
+    // Wait for onDisableSafebrowsingDialogClose_ to finish.
+    await test_util.flushTasks();
+
+    assertEquals(null, page.$$('settings-disable-safebrowsing-dialog'));
+
+    assertTrue(page.$$('#safeBrowsingEnhanced').checked);
+    assertFalse(page.$$('#safeBrowsingStandard').checked);
+    assertFalse(page.$$('#safeBrowsingDisabled').checked);
+
+    assertTrue(page.prefs.safebrowsing.enabled.value);
+    assertTrue(page.prefs.safebrowsing.enhanced.value);
+  });
+
+  test('DisableSafebrowsingDialog_CancelFromStandard', async function() {
+    page.$$('#safeBrowsingStandard').click();
+    Polymer.dom.flush();
+
+    page.$$('#safeBrowsingDisabled').click();
+    Polymer.dom.flush();
+
+    page.$$('settings-disable-safebrowsing-dialog')
+        .$$('.cancel-button')
+        .click();
+    Polymer.dom.flush();
+
+    // Wait for onDisableSafebrowsingDialogClose_ to finish.
+    await test_util.flushTasks();
+
+    assertEquals(null, page.$$('settings-disable-safebrowsing-dialog'));
+
+    assertFalse(page.$$('#safeBrowsingEnhanced').checked);
+    assertTrue(page.$$('#safeBrowsingStandard').checked);
+    assertFalse(page.$$('#safeBrowsingDisabled').checked);
+
+    assertTrue(page.prefs.safebrowsing.enabled.value);
+    assertFalse(page.prefs.safebrowsing.enhanced.value);
+  });
+
   test('noControlSafeBrowsingReportingInEnhanced', function() {
     page.$$('#safeBrowsingStandard').click();
     Polymer.dom.flush();