comment out all of the safe browsing stuff because nothing works

WebBrowser/Program.cs

@@ -9,15 +9,22 @@ using Google.Apis.Safebrowsing.v4.Data;
 using Google.Apis.Services;
 using System.Collections.Generic;
 using System.Threading.Tasks;
-
+using System.Linq.Expressions;
 
 namespace XeroBrowser
 {
     
     public static class Program
     {
-        public static async Task<bool> IsUrlUnsafe(string url, string apiKey)
+        //safebrowsing integration
+        /* public static async Task<bool> IsUrlUnsafe(string url, string apiKey)
         {
+            // ignore any file stored locally
+            if (url.StartsWith("file://"))
+            {
+                return false;
+            }
+
             var safeBrowsingService = new SafebrowsingService(new BaseClientService.Initializer
             {
                 ApiKey = "AIzaSyCQV - s52iNah - il6T5iFuqo6M_JzcLyaxs",
@@ -43,10 +50,12 @@ namespace XeroBrowser
             };
 
             var response = await safeBrowsingService.ThreatMatches.Find(request).ExecuteAsync();
-
+            try { }
+                catch(System.Net.Http.HttpRequestException) { }
+            
             return response != null && response.Matches != null && response.Matches.Count > 0;
         }
-
+        */
         public static AppContainer Container;
 
         private static TitleBarTabsApplicationContext _applicationContext;

WebBrowser/Xero Browser.csproj

@@ -356,6 +356,7 @@
     <Content Include="loaderror.html" />
     <None Include="Resources\bookmarks-bookmarked.png" />
     <None Include="Resources\bookmarks-unbookmarked.png" />
+    <Content Include="safebrowsingblock.html" />
     <Content Include="script.js">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>

WebBrowser/blocked.svg

@@ -0,0 +1 @@
+<svg width="24" height="24" fill="none" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M10.909 2.782a2.25 2.25 0 0 1 2.975.74l.083.138 7.759 14.009a2.25 2.25 0 0 1-1.814 3.334l-.154.006H4.242A2.25 2.25 0 0 1 2.2 17.812l.072-.143L10.03 3.66a2.25 2.25 0 0 1 .879-.878ZM12 16.002a.999.999 0 1 0 0 1.997.999.999 0 0 0 0-1.997Zm-.002-8.004a1 1 0 0 0-.993.884L11 8.998 11 14l.007.117a1 1 0 0 0 1.987 0l.006-.117L13 8.998l-.007-.117a1 1 0 0 0-.994-.883Z" fill="#ffffff"/></svg>

WebBrowser/blockedSite.css

@@ -0,0 +1,72 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ @import url("chrome://global/skin/error-pages.css");
+
+ @media not (prefers-contrast) {
+   :root {
+     --in-content-page-background: #d30012;
+     --in-content-page-color: white;
+     --in-content-text-color: white;
+     --in-content-primary-button-text-color: black;
+     --in-content-button-background: transparent;
+     --in-content-button-background-hover: #5a0002;
+     --in-content-button-background-active: #3e0200;
+     --in-content-primary-button-background: white;
+     --in-content-primary-button-background-hover: rgba(255, 255, 255, 0.8);
+     --in-content-primary-button-background-active: rgba(255, 255, 255, 0.7);
+   }
+ }
+ 
+ .title {
+   background-image: url("blocked.svg");
+ }
+ 
+ .button-container button {
+   border: 1px solid white;
+   margin-inline-end: 0;
+   margin-top: 1.5em;
+ }
+ 
+ #advisory_provider {
+   text-decoration: underline;
+ }
+ 
+ #errorDescriptionContainer {
+   position: absolute;
+   margin: 48px auto;
+ }
+ 
+ .error-description {
+   min-width: var(--in-content-container-min-width);
+   max-width: var(--in-content-container-max-width);
+   color: black;
+   background-color: white;
+ }
+ 
+ .error-description > p:first-child {
+   padding: 3.5em 3.5em 1em;
+ }
+ 
+ .error-description > p:last-child {
+   padding: 0 3.5em 3.5em;
+ }
+ 
+ .error-description #ignore_warning_link,
+ .error-description a:is(:link, :visited) {
+   cursor: pointer;
+   text-decoration: underline;
+   color: black;
+ }
+ 
+ a:not(:link) {
+   color: black;
+   text-decoration: none;
+   cursor: auto;
+ }
+ 
+ .sitename {
+   font-weight: bold;
+ }
+ 

WebBrowser/blockedSite.js

@@ -0,0 +1,168 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Error url MUST be formatted like this:
+//   about:blocked?e=error_code&u=url(&o=1)?
+//     (o=1 when user overrides are allowed)
+
+// Note that this file uses document.documentURI to get
+// the URL (with the format from above). This is because
+// document.location.href gets the current URI off the docshell,
+// which is the URL displayed in the location bar, i.e.
+// the URI that the user attempted to load.
+
+function getErrorCode() {
+  var url = document.documentURI;
+  var error = url.search(/e\=/);
+  var duffUrl = url.search(/\&u\=/);
+  return decodeURIComponent(url.slice(error + 2, duffUrl));
+}
+
+function getURL() {
+  var url = document.documentURI;
+  var match = url.match(/&u=([^&]+)&/);
+
+  // match == null if not found; if so, return an empty string
+  // instead of what would turn out to be portions of the URI
+  if (!match) {
+    return "";
+  }
+
+  url = decodeURIComponent(match[1]);
+
+  // If this is a view-source page, then get then real URI of the page
+  if (url.startsWith("view-source:")) {
+    url = url.slice(12);
+  }
+  return url;
+}
+
+/**
+ * Check whether this warning page is overridable or not, in which case
+ * the "ignore the risk" suggestion in the error description
+ * should not be shown.
+ */
+function getOverride() {
+  var url = document.documentURI;
+  var match = url.match(/&o=1&/);
+  return !!match;
+}
+
+/**
+ * Attempt to get the hostname via document.location.  Fail back
+ * to getURL so that we always return something meaningful.
+ */
+function getHostString() {
+  try {
+    return document.location.hostname;
+  } catch (e) {
+    return getURL();
+  }
+}
+
+function onClickSeeDetails() {
+  let details = document.getElementById("errorDescriptionContainer");
+  details.hidden = !details.hidden;
+}
+
+function initPage() {
+  var error = "";
+  switch (getErrorCode()) {
+    case "malwareBlocked":
+      error = "malware";
+      break;
+    case "deceptiveBlocked":
+      error = "phishing";
+      break;
+    case "unwantedBlocked":
+      error = "unwanted";
+      break;
+    case "harmfulBlocked":
+      error = "harmful";
+      break;
+    default:
+      return;
+  }
+
+  // Set page contents depending on type of blocked page
+  // Prepare the title and short description text
+  let titleText = document.getElementById("errorTitleText");
+  document.l10n.setAttributes(
+    titleText,
+    "safeb-blocked-" + error + "-page-title"
+  );
+  let shortDesc = document.getElementById("errorShortDescText");
+  document.l10n.setAttributes(
+    shortDesc,
+    "safeb-blocked-" + error + "-page-short-desc"
+  );
+
+  // Prepare the inner description, ensuring any redundant inner elements are removed.
+  let innerDesc = document.getElementById("errorInnerDescription");
+  let innerDescL10nID = "safeb-blocked-" + error + "-page-error-desc-";
+  if (!getOverride()) {
+    innerDescL10nID += "no-override";
+    document.getElementById("ignore_warning_link").remove();
+  } else {
+    innerDescL10nID += "override";
+  }
+  if (error == "unwanted" || error == "harmful") {
+    document.getElementById("report_detection").remove();
+  }
+
+  // Add the inner description:
+  // Map specific elements to a different message ID, to allow updates to
+  // existing labels
+  let descriptionMapping = {
+    malware: innerDescL10nID + "-sumo",
+  };
+  document.l10n.setAttributes(
+    innerDesc,
+    descriptionMapping[error] || innerDescL10nID,
+    {
+      sitename: getHostString(),
+    }
+  );
+
+  // Add the learn more content:
+  // Map specific elements to a different message ID, to allow updates to
+  // existing labels
+  let stringMapping = {
+    malware: "safeb-blocked-malware-page-learn-more-sumo",
+  };
+
+  let learnMore = document.getElementById("learn_more");
+  document.l10n.setAttributes(
+    learnMore,
+    stringMapping[error] || `safeb-blocked-${error}-page-learn-more`
+  );
+
+  // Set sitename to bold by adding class
+  let errorSitename = document.getElementById("error_desc_sitename");
+  errorSitename.setAttribute("class", "sitename");
+
+  let titleEl = document.createElement("title");
+  document.l10n.setAttributes(
+    titleEl,
+    "safeb-blocked-" + error + "-page-title"
+  );
+  document.head.appendChild(titleEl);
+
+  // Inform the test harness that we're done loading the page.
+  var event = new CustomEvent("AboutBlockedLoaded", {
+    bubbles: true,
+    detail: {
+      url: this.getURL(),
+      err: error,
+    },
+  });
+  document.dispatchEvent(event);
+}
+
+let seeDetailsButton = document.getElementById("seeDetailsButton");
+seeDetailsButton.addEventListener("click", onClickSeeDetails);
+// Note: It is important to run the script this way, instead of using
+// an onload handler. This is because error pages are loaded as
+// LOAD_BACKGROUND, which means that onload handlers will not be executed.
+initPage();

WebBrowser/error-pages.css

@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ @import url("chrome://global/skin/in-content/info-pages.css");
+
+ body {
+   background-size: 64px 32px;
+   background-repeat: repeat-x;
+   padding: 0;
+   /* info-pages.css sets a minimum width of 13em to the content
+    * container. If we don't set a min-width here, the content
+    * gets clipped in iframes with small width. We don't accomodate
+    * any padding to prioritize real estate in the small viewport. */
+   min-width: 13em;
+ }
+ 
+ .button-container {
+   display: flex;
+   flex-flow: row wrap;
+   justify-content: end;
+ }
+ 
+ .button-spacer {
+   flex: 1;
+ }
+ 
+ @media only screen and (max-width: 959px) {
+   body {
+     padding: 0 75px;
+   }
+ 
+   .title {
+     background-image: none !important;
+     padding-inline-start: 0;
+     margin-inline-start: 0;
+   }
+ 
+   .title-text {
+     padding-top: 0;
+   }
+ }
+ 
+ @media only screen and (max-width: 640px) {
+   .title-text {
+     padding-bottom: 0;
+     border-bottom: none;
+   }
+ }
+ 
+ @media only screen and (max-width: 480px) {
+   body {
+     padding: 0 38px;
+   }
+ 
+   .container {
+     min-width: 0;
+   }
+ 
+   .button-container button {
+     width: 100%;
+     margin: 0.66em 0 0;
+   }
+ 
+   .title-text {
+     font-size: 26px;
+   }
+ }
+ 
+ @media only screen and (max-width: 320px) {
+   body {
+     padding: 0 12px;
+   }
+ }
+ 
+ @media only screen and (max-height: 480px) {
+   body {
+     /* Note: if you change the top padding, also update the image positioning
+      * media query in aboutNetError.css for the certificate error case. */
+     padding-top: 38px;
+     /* We get rid of bottom padding for width < 640px, but
+      * for height < 480px a bit of space between the content
+      * and the viewport edge is nice. */
+     padding-bottom: 38px;
+   }
+ }
+ 

WebBrowser/frmBrowser.cs

@@ -21,6 +21,7 @@ namespace XeroBrowser
     {   
         Uri _fileUri;
         Uri _fileUri2;
+        Uri _safebrowsingblockpage;
         public FrmBrowser()
         {
             InitializeComponent();
@@ -37,6 +38,10 @@ namespace XeroBrowser
             _fileUri2 = new Uri(filePath2);
             string fileUrl2 = _fileUri2.AbsoluteUri;
 
+            string safebrowsingblockpath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "safebrowsingblock.html");
+            _safebrowsingblockpage = new Uri(safebrowsingblockpath);
+            string safebrowsingblockpage = _safebrowsingblockpage.AbsoluteUri;
+
             chromiumWebBrowser1.Load(fileUrl);
             txtSearchOrUrl.Text = "";
             txtSearchOrUrl.IconRight = null;
@@ -71,20 +76,24 @@ namespace XeroBrowser
         private bool _isBlocked;
         private void chromiumWebBrowser1_LoadingStateChanged(object sender, LoadingStateChangedEventArgs e)
         {
-            //chromiumWebBrowser1.LoadingStateChanged += async (s, args) =>
-            // {
-            //    if (args.IsLoading)
-           //     {
-            //         var isUnsafe = await Program.IsUrlUnsafe(args.Browser.MainFrame.Url, "AIzaSyCQV-s52iNah-il6T5iFuqo6M_JzcLyaxs");
-            //        if (isUnsafe)
-            //        {
-            //            chromiumWebBrowser1.Stop(); // cancel the navigation
-             //           _isBlocked = true;
-             //           chromiumWebBrowser1.LoadHtml("");
-             //           break;
-             //       }
-             //   }
-         // };
+            chromiumWebBrowser1.LoadingStateChanged += async (s, args) =>
+             {
+                /* if (args.IsLoading)
+                {
+                     var isUnsafe = await Program.IsUrlUnsafe(args.Browser.MainFrame.Url, "AIzaSyCQV-s52iNah-il6T5iFuqo6M_JzcLyaxs");
+                    if (isUnsafe)
+                    {
+                        chromiumWebBrowser1.Stop(); // cancel the navigation
+                        _isBlocked = true;
+                        string filePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "safebrowsingblock.html");
+                        _safebrowsingblockpage = new Uri(filePath);
+                        string fileUrl = _safebrowsingblockpage.AbsoluteUri;
+                        chromiumWebBrowser1.Load(fileUrl); ;
+                        
+                    }
+                }
+                */
+          };
 
             if (e.IsLoading)
             {

WebBrowser/safebrowsingblock.html

@@ -0,0 +1,35 @@
+<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
+  <head>
+    <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" />
+    <meta name="color-scheme" content="light dark" />
+    <link rel="stylesheet" href="blockedSite.css" type="text/css" media="all" />
+    <link rel="icon" id="favicon" href="blocked.png" />
+    
+  <title data-l10n-id="safeb-blocked-malware-page-title">Visiting this website may harm your computer</title></head>
+  <body>
+    <div id="errorPageContainer" class="container">
+      <!-- Error Title -->
+      <div id="errorTitle" class="title">
+        <h1 class="title-text" id="errorTitleText" data-l10n-id="safeb-blocked-malware-page-title">Visiting this website may harm your computer</h1>
+      </div>
+
+      <div id="errorLongContent">
+        <!-- Short Description -->
+        <div id="errorShortDesc">
+          <p id="errorShortDescText" data-l10n-id="safeb-blocked-malware-page-short-desc">Xero blocked this page because it might attempt to install malicious software that may steal or delete personal information on your computer.</p>
+        </div>
+
+        <!-- Advisory -->
+        <div id="advisoryDesc">
+          <p id="advisoryDescText" data-l10n-args="{&quot;advisoryname&quot;:&quot;Google Safe Browsing&quot;}" data-l10n-id="safeb-palm-advisory-desc">Advisory provided by <a id="advisory_provider" data-l10n-name="advisory_provider" href="https://developers.google.com/safe-browsing/v4/advisory">Google Safe Browsing</a>.</p>
+        </div>
+
+        <!-- Action buttons -->
+        <div id="buttons" class="button-container">
+          <!-- Commands handled in browser.js -->
+          <button id="goBackButton" class="primary" data-l10n-id="safeb-palm-accept-label">Go back</button>
+        </div>
+      </div>
+  </body>
+  <script src="blockedSite.js"></script>
+</html>