(From update of attachment 416840)
>diff --git a/browser/components/safebrowsing/content/blockedSite.xhtml b/browser/components/safebrowsing/content/blockedSite.xhtml
>       function getURL()
>       {
>         var url = document.documentURI;
>-        var index = url.search(/u\=/);
>+        var match = url.match(/&u=([^&]+)&/);
> 
>-        // index == -1 if not found; if so, return an empty string
>+        // match == null if not found; if so, return an empty string
>         // instead of what would turn out to be portions of the URI
>-        if (index == -1)
>+        if (!match)
>           return "";
> 
>-        return decodeURIComponent(url.slice(index + 2));
>+        var url = decodeURIComponent(match[1]);

no need to redeclare url.  Though, I'd make this into an nsIURI and use schemeIs, rather than rely on decodeURIComponent to be what we want.

>diff --git a/toolkit/components/viewsource/content/viewSource.js b/toolkit/components/viewsource/content/viewSource.js

>+function onCommandContent(event) {
>+  // Don't trust synthetic events
>+  if (!event.isTrusted)
>+    return;
>+
>+  var ot = event.originalTarget;

s/ot/target/ for readability in context.

>+  if (/^about:blocked/.test(errorDoc.documentURI)) {
>+    // The event came from a button on a malware/phishing block page
>+    // First check whether it's malware or phishing, so that we can
>+    // use the right strings/links
>+    var isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
>+    
>+    if (ot == errorDoc.getElementById('getMeOutButton')) {
>+      // Instead of loading some safe page, just close the window
>+      window.close();
>+    } else if (ot == errorDoc.getElementById('reportButton')) {
>+      // This is the "Why is this site blocked" button.  For malware,
>+      // we can fetch a site-specific report, for phishing, we redirect
>+      // to the generic page describing phishing protection.
>+
>+      if (isMalware) {
>+        // Get the stop badware "why is this blocked" report url,
>+        // append the current url, and go there.
>+        try {
>+          let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL", true);
>+          reportURL += errorDoc.location.href.slice(12);
>+          openURL(reportURL);
>+        } catch (e) {
>+          Components.utils.reportError("Couldn't get malware report URL: " + e);
>+        }
>+      } else { // It's a phishing site, not malware
>+        try {
>+          var infoURL = formatter.formatURLPref("browser.safebrowsing.warning.infoURL", true);
>+          openURL(infoURL);
>+        } catch (e) {
>+          Components.utils.reportError("Couldn't get phishing info URL: " + e);
>+        }
>+      }
>+    } else if (ot == errorDoc.getElementById('ignoreWarningButton')) {
>+      // Allow users to override and continue through to the site,
>+      // but add a notify bar as a reminder, so that they don't lose
>+      // track after, e.g., tab switching.
>+      gBrowser.loadURIWithFlags(content.location.href,
>+                                Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER,
>+                                null, null, null);

style bitching: I know that this file uses the "} else {" style more often, but we've been trying to get away from that, so please don't tilt the balance that way. :)

I'm not super worried about the prefs, since they're needed for SB, so any consumers will probably have them.. need to clean up naming though.