Oxide

[Browser] Support for Safe Browsing API

Bug #1261046 reported by Adnane Belmadiaf
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Triaged
Medium
Unassigned
Ubuntu UX
Fix Committed
Medium
James Mulholland
webbrowser-app
Invalid
Medium
Unassigned

Bug Description

The browser needs a way to check pages against malwares/phishing etc..

FF OS does use the Safe Browsing Lookup API
https://developers.google.com/safe-browsing/
https://developers.google.com/safe-browsing/lookup_guide

--- --- --- ---
UX Comment:
Current design spec appears to already account for this. Please notify me if any additional design is required.

See original description
Revision history for this message
Adnane Belmadiaf (daker) wrote :

try {
    var req = new XMLHttpRequest();

    req.onreadystatechange = function () {
        if (req.readyState == XMLHttpRequest.DONE) {
            console.debug("Debug: " + req.responseText)
        } else {}
    };

    req.open("GET", "https://sb-ssl.google.com/safebrowsing/api/lookup?client=api&apikey=ABQIAAAAXn2CrqC-zz0c0lI_8NfQbBQJyEjSvtjLID-f8-9JQcCAZT-Bkg&appver=1.0&pver=3.0&url=" + requestedUrl);
    req.send();
} catch (e) {
    throw new Error("Unable to parse data.");
}

Revision history for this message
Olivier Tilloy (osomon) wrote :

See http://www.chromium.org/developers/design-documents/safebrowsing for detailed documentation on how safe browsing is implemented in chromium.

Changed in webbrowser-app:
status: New → Confirmed
Bill Filler (bfiller)
Changed in webbrowser-app:
importance: Undecided → Medium
Revision history for this message
Chris Coulson (chrisccoulson) wrote :

This is something I'd planned to implement (I thought there was already a bug for it). We want this in Oxide rather than the browser though, so that it's available to all embedders. This isn't something that's available in WebkitGTK or QtWebkit (it's normally implemented at the application level, although I don't think any browsers using these API's implement safebrowsing support either)

Changed in oxide:
importance: Undecided → Medium
status: New → Triaged
Giorgio Venturi (giorgio-venturi-deactivatedaccount)
Changed in ubuntu-ux:
status: New → Triaged
assignee: nobody → Giorgio Venturi (giorgio-venturi)
importance: Undecided → Medium
John Lea (johnlea)
summary: - Support for Safe Browsing API
+ [Browser] Support for Safe Browsing API
Magdalena Mirowicz (magdalena-mirowicz)
Changed in ubuntu-ux:
assignee: Giorgio Venturi (giorgio-venturi) → James Mulholland (jamesjosephmulholland)
Revision history for this message
Olivier Tilloy (osomon) wrote :

Marked invalid for webbrowser-app, as this will be implemented in oxide, per Chris’ comment.

Changed in webbrowser-app:
status: Confirmed → Invalid
James Mulholland (jamesmulholland)
description: updated
Changed in ubuntu-ux:
status: Triaged → Fix Committed
Revision history for this message
Olivier Tilloy (osomon) wrote :

FTR, as previously discussed with James over IRC, safe browsing is different from insecure certificates warnings. So this requires additional design work (even though it will probably look very similar). Not sure what the oxide API will look like. Will the embedder be left responsible for displaying some sort of interstitial page, or will that be done by oxide directly?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related blueprints

Remote bug watches

Bug watches keep track of this bug in other bug trackers.