This directory contains the implementation of security interstitials -- warning pages that are shown instead of web content when certain security events occur (such as an invalid certificate on an HTTPS connection, or a URL that is flagged by Safe Browsing).
This is a layered component that includes a core/
implementation (which is also used by //ios/components/security_interstitials
for the iOS implementation), and a content/
implementation for Blink platforms.
Security interstitials are split between an HTML+JS front end (which defines the actual contents shown) and a C++ backing implementation.
core/common/resources/
contains the shared HTML+JS used across the various interstitial types.
core/common/mojom/
contains the Mojo IPC definitions that are used for the interstitial JS to communicate back to the C++ interstitial code to execute various actions the user can take on the interstitial page.
core/browser/resources
contain the HTML+JS implementations of the various interstitial types (such as the SSL interstitial or Safe Browsing interstitial).
When adding a new interstitial type, you should also add it to core/browser/resources/list_of_interstitials.html
and chrome/browser/ui/webui/interstitials/interstitial_ui.cc
so that it is listed in the interstitial testing page at chrome://interstitials
.
ControllerClient
is the C++ logic that handles commands sent by the interstitial JS. The specific implementation is extended by the embedder -- see content/security_interstitial_controller_client.h
and //ios/components/security_interstitials/ios_blocking_page_controller_client.h
.
Many interstitials follow the pattern of implementing a core “UI” class (like SSLErrorUI
for SSL interstitials), which configures details for the interstitial HTML, and connects the specific blocking page implementation with the controller client implementation.
In content/
, the central classes are:
SecurityInterstitialControllerClient
, which handles commands from security interstitial pages. This is used by and extended for each interstitial type.SecurityInterstitialPage
, which handles the state of the interstitial page. This is extended for each interstitial type.SecurityInterstitialTabHelper
, which connects an interstitial page to a WebContents, and owns the underlying interstitial page.//ios/components/security_interstitials/
has parallel implementations, but for iOS where we can’t use content/
.
This directory is not an exhaustive container of all security interstitials. Some interstitial types build on the core component classes but are implemented outside of this directory (e.g., chrome/browser/lookalikes/
).