components/security_interstitials/README.md - chromium/src.git - Git at Google

 # Security Interstitials

 This directory contains the implementation of security interstitials -- warning
 pages that are shown instead of web content when certain security events occur
 (such as an invalid certificate on an HTTPS connection, or a URL that is flagged
 by Safe Browsing).

 This is a layered component that includes a `core/` implementation (which is
 also used by `//ios/components/security_interstitials` for the iOS
 implementation), and a `content/` implementation for Blink platforms.

 Security interstitials are split between an HTML+JS front end (which defines
 the actual contents shown) and a C++ backing implementation.

 `core/common/resources/` contains the shared HTML+JS used across the various
 interstitial types.

 `core/common/mojom/` contains the Mojo IPC definitions that are used for the
 interstitial JS to communicate back to the C++ interstitial code to execute
 various actions the user can take on the interstitial page.

 `core/browser/resources` contain the HTML+JS implementations of the various
 interstitial types (such as the SSL interstitial or Safe Browsing interstitial).

 When adding a new interstitial type, you should also add it to
 `core/browser/resources/list_of_interstitials.html` and
 `chrome/browser/ui/webui/interstitials/interstitial_ui.cc` so that it is listed
 in the interstitial testing page at `chrome://interstitials`.

 `ControllerClient` is the C++ logic that handles commands sent by the
 interstitial JS. The specific implementation is extended by the embedder -- see
 `content/security_interstitial_controller_client.h` and
 `//ios/components/security_interstitials/ios_blocking_page_controller_client.h`.

 Many interstitials follow the pattern of implementing a core “UI” class (like
 `SSLErrorUI` for SSL interstitials), which configures details for the
 interstitial HTML, and connects the specific blocking page implementation with
 the controller client implementation.

 In `content/`, the central classes are:

 *   `SecurityInterstitialControllerClient`, which handles commands from security
     interstitial pages. This is used by and extended for each interstitial type.
 *   `SecurityInterstitialPage`, which handles the state of the interstitial page.
     This is extended for each interstitial type.
 *   `SecurityInterstitialTabHelper`, which connects an interstitial page to a
     WebContents, and owns the underlying interstitial page.

 `//ios/components/security_interstitials/` has parallel implementations, but for
 iOS where we can’t use `content/`.

 This directory is not an exhaustive container of all security interstitials.
 Some interstitial types build on the core component classes but are implemented
 outside of this directory (e.g., `chrome/browser/lookalikes/`).
	# Security Interstitials

	This directory contains the implementation of security interstitials -- warning
	pages that are shown instead of web content when certain security events occur
	(such as an invalid certificate on an HTTPS connection, or a URL that is flagged
	by Safe Browsing).

	This is a layered component that includes a `core/` implementation (which is
	also used by `//ios/components/security_interstitials` for the iOS
	implementation), and a `content/` implementation for Blink platforms.

	Security interstitials are split between an HTML+JS front end (which defines
	the actual contents shown) and a C++ backing implementation.

	`core/common/resources/` contains the shared HTML+JS used across the various
	interstitial types.

	`core/common/mojom/` contains the Mojo IPC definitions that are used for the
	interstitial JS to communicate back to the C++ interstitial code to execute
	various actions the user can take on the interstitial page.

	`core/browser/resources` contain the HTML+JS implementations of the various
	interstitial types (such as the SSL interstitial or Safe Browsing interstitial).

	When adding a new interstitial type, you should also add it to
	`core/browser/resources/list_of_interstitials.html` and
	`chrome/browser/ui/webui/interstitials/interstitial_ui.cc` so that it is listed
	in the interstitial testing page at `chrome://interstitials`.

	`ControllerClient` is the C++ logic that handles commands sent by the
	interstitial JS. The specific implementation is extended by the embedder -- see
	`content/security_interstitial_controller_client.h` and
	`//ios/components/security_interstitials/ios_blocking_page_controller_client.h`.

	Many interstitials follow the pattern of implementing a core “UI” class (like
	`SSLErrorUI` for SSL interstitials), which configures details for the
	interstitial HTML, and connects the specific blocking page implementation with
	the controller client implementation.

	In `content/`, the central classes are:

	* `SecurityInterstitialControllerClient`, which handles commands from security
	interstitial pages. This is used by and extended for each interstitial type.
	* `SecurityInterstitialPage`, which handles the state of the interstitial page.
	This is extended for each interstitial type.
	* `SecurityInterstitialTabHelper`, which connects an interstitial page to a
	WebContents, and owns the underlying interstitial page.

	`//ios/components/security_interstitials/` has parallel implementations, but for
	iOS where we can’t use `content/`.

	This directory is not an exhaustive container of all security interstitials.
	Some interstitial types build on the core component classes but are implemented
	outside of this directory (e.g., `chrome/browser/lookalikes/`).