Update safe browsing warning for phishing sites

pascoej · pascoej · commit 3961561ee02f · 2025-02-26T14:08:06.000-08:00
https://bugs.webkit.org/show_bug.cgi?id=288586 rdar://145601460 Reviewed by Charlie Wolfe. Update the phishing warning text according to requirements laid out in radar. This patch also cleans up HAVE_SAFE_BROWSING_RESULT_DETAILS, which is no longer needed. * Source/WTF/wtf/PlatformHave.h: * Source/WebCore/en.lproj/Localizable.strings: * Source/WebKit/Platform/spi/Cocoa/SafeBrowsingSPI.h: * Source/WebKit/UIProcess/Cocoa/BrowsingWarningCocoa.mm: (WebKit::malwareDetailsBase): (WebKit::learnMoreURL): (WebKit::reportAnErrorBase): (WebKit::localizedProviderDisplayName): (WebKit::localizedProviderName): (WebKit::browsingDetailsText): (WebKit::localizedProvider): Deleted. * Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm: (-[TestServiceLookupResult localizedProviderDisplayName]): Canonical link: https://commits.webkit.org/291164@main
diff --git a/Source/WTF/wtf/PlatformHave.h b/Source/WTF/wtf/PlatformHave.h
@@ -1129,10 +1129,6 @@
 #define HAVE_SHARE_SHEET_UI 1
 #endif
 
-#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 130000) || PLATFORM(IOS) || PLATFORM(WATCHOS) || PLATFORM(VISION)
-#define HAVE_SAFE_BROWSING_RESULT_DETAILS 1
-#endif
-
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 130000) \
     || PLATFORM(IOS_FAMILY)
 #define HAVE_MEMORY_ATTRIBUTION_VM_SHARE_SUPPORT 1
diff --git a/Source/WebCore/en.lproj/Localizable.strings b/Source/WebCore/en.lproj/Localizable.strings
@@ -731,7 +731,7 @@
 "Host \"%s\" is invalid." = "Host \"%s\" is invalid.";
 
 /* Phishing warning description */
-"If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%." = "If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%.";
+"This website was reported as deceptive by %provider-display-name%. If you believe this website is safe, you can %report-an-error% to %provider%. Or, if you understand the risks involved, you can %bypass-link%." = "This website was reported as deceptive by %provider-display-name%. If you believe this website is safe, you can %report-an-error% to %provider%. Or, if you understand the risks involved, you can %bypass-link%.";
 
 /* Action from safe browsing warning */
 "If you understand the risks involved, you can %visit-this-unsafe-site-link%." = "If you understand the risks involved, you can %visit-this-unsafe-site-link%.";
diff --git a/Source/WebKit/Platform/spi/Cocoa/SafeBrowsingSPI.h b/Source/WebKit/Platform/spi/Cocoa/SafeBrowsingSPI.h
@@ -39,6 +39,7 @@ WTF_EXTERN_C_BEGIN
 
 extern SSBProvider const SSBProviderGoogle;
 extern SSBProvider const SSBProviderTencent;
+extern SSBProvider const SSBProviderApple;
 
 WTF_EXTERN_C_END
 
@@ -50,12 +51,11 @@ WTF_EXTERN_C_END
 @property (nonatomic, readonly, getter=isMalware) BOOL malware;
 @property (nonatomic, readonly, getter=isUnwantedSoftware) BOOL unwantedSoftware;
 
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
 @property (nonatomic, readonly) NSString *malwareDetailsBaseURLString;
 @property (nonatomic, readonly) NSURL *learnMoreURL;
 @property (nonatomic, readonly) NSString *reportAnErrorBaseURLString;
 @property (nonatomic, readonly) NSString *localizedProviderDisplayName;
-#endif
+@property (nonatomic, readonly) NSString *localizedProviderShortName;
 
 @end
 
diff --git a/Source/WebKit/UIProcess/Cocoa/BrowsingWarningCocoa.mm b/Source/WebKit/UIProcess/Cocoa/BrowsingWarningCocoa.mm
@@ -33,52 +33,46 @@
 #import <wtf/StdLibExtras.h>
 #import <wtf/text/MakeString.h>
 
+NSString * const SSBProviderGoogle = @"SSBProviderGoogle";
+NSString * const SSBProviderTencent = @"SSBProviderTencent";
+NSString * const SSBProviderApple = @"SSBProviderApple";
+
 namespace WebKit {
 
 #if HAVE(SAFE_BROWSING)
 
 static String malwareDetailsBase(SSBServiceLookupResult *result)
 {
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
     return result.malwareDetailsBaseURLString;
-#else
-    if ([result.provider isEqualToString:SSBProviderTencent])
-        return "https://www.urlsec.qq.com/check.html?tpl=safari"_s;
-    return "https://google.com/safebrowsing/diagnostic?tpl=safari"_s;
-#endif
 }
 
 static NSURL *learnMoreURL(SSBServiceLookupResult *result)
 {
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
     return result.learnMoreURL;
-#else
-    if ([result.provider isEqualToString:SSBProviderTencent])
-        return [NSURL URLWithString:@"https://www.urlsec.qq.com/standard/s1.html?tpl=safari"];
-    return [NSURL URLWithString:@"https://www.google.com/support/bin/answer.py?answer=106318"];
-#endif
 }
 
 static String reportAnErrorBase(SSBServiceLookupResult *result)
 {
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
     return result.reportAnErrorBaseURLString;
-#else
-    if ([result.provider isEqualToString:SSBProviderTencent])
-        return "https://www.urlsec.qq.com/complain.html?tpl=safari"_s;
-    return "https://www.google.com/safebrowsing/report_error/?tpl=safari"_s;
-#endif
 }
 
-static String localizedProvider(SSBServiceLookupResult *result)
+static String localizedProviderDisplayName(SSBServiceLookupResult *result)
 {
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
     return result.localizedProviderDisplayName;
-#else
-    if ([result.provider isEqualToString:SSBProviderTencent])
-        return WEB_UI_NSSTRING(@"Tencent Safe Browsing", "Tencent Safe Browsing");
-    return WEB_UI_NSSTRING(@"Google Safe Browsing", "Google Safe Browsing");
-#endif
+}
+
+static String localizedProviderShortName(SSBServiceLookupResult *result)
+{
+    if ([result respondsToSelector:@selector(localizedProviderShortName)])
+        return result.localizedProviderShortName;
+    if ([result.provider isEqual:SSBProviderGoogle])
+        return "Google"_s;
+    if ([result.provider isEqual:SSBProviderTencent])
+        return "Tencent"_s;
+    if ([result.provider isEqual:SSBProviderApple])
+        return "Apple"_s;
+    ASSERT_NOT_REACHED();
+    return ""_s;
 }
 
 
@@ -151,20 +145,22 @@ static void addLinkAndReplace(NSMutableAttributedString *string, NSString *toRep
     if (result.isPhishing) {
         NSString *phishingDescription = WEB_UI_NSSTRING(@"Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust.", "Phishing warning description");
         NSString *learnMore = WEB_UI_NSSTRING(@"Learn more…", "Action from safe browsing warning");
-        NSString *phishingActions = WEB_UI_NSSTRING(@"If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%.", "Phishing warning description");
+        NSString *phishingActions = WEB_UI_NSSTRING(@"This website was reported as deceptive by %provider-display-name%. If you believe this website is safe, you can %report-an-error% to %provider%. Or, if you understand the risks involved, you can %bypass-link%.", "Phishing warning description");
         NSString *reportAnError = WEB_UI_NSSTRING(@"report an error", "Action from safe browsing warning");
         NSString *visitUnsafeWebsite = WEB_UI_NSSTRING(@"visit this unsafe website", "Action from safe browsing warning");
 
         auto attributedString = adoptNS([[NSMutableAttributedString alloc] initWithString:[NSString stringWithFormat:@"%@ %@\n\n%@", phishingDescription, learnMore, phishingActions]]);
         addLinkAndReplace(attributedString.get(), learnMore, learnMore, learnMoreURL(result));
+        replace(attributedString.get(), @"%provider-display-name%", localizedProviderDisplayName(result));
+        replace(attributedString.get(), @"%provider%", localizedProviderShortName(result));
         addLinkAndReplace(attributedString.get(), @"%report-an-error%", reportAnError, reportAnErrorURL(url, result));
         addLinkAndReplace(attributedString.get(), @"%bypass-link%", visitUnsafeWebsite, BrowsingWarning::visitUnsafeWebsiteSentinel());
         return attributedString.autorelease();
     }
 
     auto malwareOrUnwantedSoftwareDetails = [&] (NSString *description, NSString *statusStringToReplace, bool confirmMalware) {
         auto malwareDescription = adoptNS([[NSMutableAttributedString alloc] initWithString:description]);
-        replace(malwareDescription.get(), @"%safeBrowsingProvider%", localizedProvider(result));
+        replace(malwareDescription.get(), @"%safeBrowsingProvider%", localizedProviderDisplayName(result));
         auto statusLink = adoptNS([[NSMutableAttributedString alloc] initWithString:WEB_UI_NSSTRING(@"the status of “%site%”", "Part of malware description")]);
         replace(statusLink.get(), @"%site%", url.host().toString());
         addLinkAndReplace(malwareDescription.get(), statusStringToReplace, [statusLink string], malwareDetailsURL(url, result));
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm
@@ -110,7 +110,6 @@ - (BOOL)isUnwantedSoftware
     return _isUnwantedSoftware;
 }
 
-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)
 - (NSString *)malwareDetailsBaseURLString
 {
     return @"test://";
@@ -130,7 +129,6 @@ - (NSString *)localizedProviderDisplayName
 {
     return @"test display name";
 }
-#endif
 
 @end
 

Original file line number	Diff line number	Diff line change
`@@ -110,7 +110,6 @@ - (BOOL)isUnwantedSoftware`
`110`	`110`	`return _isUnwantedSoftware;`
`111`	`111`	`}`
`112`	`112`
`113`		`-#if HAVE(SAFE_BROWSING_RESULT_DETAILS)`
`114`	`113`	`- (NSString *)malwareDetailsBaseURLString`
`115`	`114`	`{`
`116`	`115`	`return @"test://";`
`@@ -130,7 +129,6 @@ - (NSString *)localizedProviderDisplayName`
`130`	`129`	`{`
`131`	`130`	`return @"test display name";`
`132`	`131`	`}`
`133`		`-#endif`
`134`	`132`
`135`	`133`	`@end`
`136`	`134`