metamask-extension/app/phishing.html

<!doctype html>
<html lang="en">
  <head>
    <title>MetaMask Phishing Detection</title>
    <script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
    <script src="./lockdown-install.js" type="text/javascript" charset="utf-8"></script>
    <script src="./lockdown-run.js" type="text/javascript" charset="utf-8"></script>
    <script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>
    <script src="./phishing-detect.js"></script>
    <link rel="stylesheet" type="text/css" href="./index.css" title="ltr">
    <link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>
    <style>
      *                          { margin: 0; padding: 0; box-sizing: border-box; }
      body, html                 { background-color: rgb(217, 88, 70);
                                   display: flex; flex-direction: column;
                                   justify-content: center; align-items: center;
                                   font-family: Roboto, Arial, sans-serif;
                                   width: 100vw; min-height: 100vh; }
      .content                   { display: flex; flex-direction: column; align-items: center;
                                   width: 80%;
                                   background-color: white; box-shadow: 0 0 15px #737373; }
      .content__header           { display: flex; flex-direction: column; align-items: center; justify-content: center;
                                   width: 100%;
                                   color: rgb(217, 88, 70); border-bottom: 1px solid rgb(212, 212, 212);
                                   padding: 2em; }
      .content__header h1        { font-size: 24px; font-weight: normal; }
      .content__header h1 i      { margin-right: 0.25em; }
      .content__header img       { margin-bottom: 3em; width: 160px; }
      .content__body             { background-color: rgb(245, 245, 245); font-size: 12pt; }
      .content__body p           { margin: 2em; }
      .content__body p a         { text-decoration: underline; color: inherit; cursor: pointer; }
    </style>
  </head>
  <body>
    <div class="content">
      <div class="content__header">
        <img src="./images/info-logo.png" alt="">
        <h1>
          <i class="fa fa-exclamation-circle" aria-hidden="true"></i>
          MetaMask Phishing Detection
        </h1>
      </div>
      <div class="content__body">
        <p>
          This domain is currently on the MetaMask domain warning list. This means that based on information available to us,
          MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask
          has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.
        </p>
        <p>
          There are many reasons sites can appear on our warning list, and our warning list compiles from other widely used industry lists.
          Such reasons can include known fraud or security risks, such as domains that test positive on the
          <a href="https://github.com/metamask/eth-phishing-detect">Ethereum Phishing Detector</a>.
          Domains on these warning lists may include outright malicious websites and legitimate websites that have been compromised by a malicious actor.
        </p>
        <p>To read more about this site <a id="csdbLink" href="https://cryptoscamdb.org/search">please search for the domain on CryptoScamDB</a>.</p>
        <p>
          Note that this warning list is compiled on a voluntary basis. This list may be inaccurate or incomplete.
          Just because a domain does not appear on this list is not an implicit guarantee of that domain's safety.
          As always, your transactions are your own responsibility. If you wish to interact with any domain on our warning list,
          you can do so by <a id="unsafe-continue">continuing at your own risk</a>.
        </p>
        <p>
          If you think this domain is incorrectly flagged or if a blocked legitimate website has resolved its security issues,
          <a id="new-issue-link" href="https://github.com/metamask/eth-phishing-detect/issues/new">please file an issue</a>.
        </p>
      </div>
    </div>
  </body>
</html>
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<!doctype html>`
			`<html lang="en">`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`<head>`
Update phishing.html (#13323) 2022-01-24 19:11:18 +01:00			`<title>MetaMask Phishing Detection</title>`
Fix SES lockdown on older browsers (#10014) On older browsers that don't support `globalThis`[1], the SES lockdown throws an error. The `globalthis` shim has been added to all pages, to the background process, and to the `contentscript`. This should prevent the error on older browsers. [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#Browser_compatibility 2020-12-08 19:38:31 +01:00			`<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>`
Build - refactor for bundle factoring and swappable runtime (#11080) * wip * build - breakout sentry-install bundle * deps - move new build sys deps to published versions * chore: lint fix * clean - remove unused file * clean - remove unsused package script * lavamoat - update build system policy * build - render html to all platforms * development - improve sourcemap debugger output * deps - update lavapack * lint - fix * deps - update lavapack for bugfix * deps - update lavapack for bugfix * deps - bump lavapack for line ending normalization * sourcemap explorer - disable boundary validation * ci - reset normal ci flow * build - re-enable minification on prod * build - remove noisy log about html dest * build - update terser and remove gulp wrapper for sourcemap fix * Revert "sourcemap explorer - disable boundary validation" This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162. * build - reenable react-devtools in dev mode * wip * build - breakout sentry-install bundle * deps - move new build sys deps to published versions * chore: lint fix * clean - remove unused file * clean - remove unsused package script * lavamoat - update build system policy * build - render html to all platforms * development - improve sourcemap debugger output * deps - update lavapack * lint - fix * deps - update lavapack for bugfix * deps - update lavapack for bugfix * deps - bump lavapack for line ending normalization * sourcemap explorer - disable boundary validation * ci - reset normal ci flow * build - re-enable minification on prod * build - remove noisy log about html dest * build - update terser and remove gulp wrapper for sourcemap fix * Revert "sourcemap explorer - disable boundary validation" This reverts commit 94112209ed880a6ebf4ee2ded411e59db6908162. * build - reenable react-devtools in dev mode * Updating lockfile * lint fix * build/dev - patch watchifys incompatible binary stats output * ui - add comment about conditional import * build - improve comment * Update development/stream-flat-map.js Co-authored-by: Brad Decker <git@braddecker.dev> * Outputting all bundle file links (metamaskbot) Co-authored-by: ryanml <ryanlanese@gmail.com> Co-authored-by: Brad Decker <git@braddecker.dev> 2021-07-15 19:59:34 +02:00			`<script src="./lockdown-install.js" type="text/javascript" charset="utf-8"></script>`
			`<script src="./lockdown-run.js" type="text/javascript" charset="utf-8"></script>`
lockdown - breakout making globalThis properties non-writable (#12258) * lockdown - breakout making globalThis properties non-writable into lockdown-more.js * Update app/scripts/lockdown-more.js Co-authored-by: David Walsh <davidwalsh83@gmail.com> * Update app/scripts/lockdown-more.js Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> Co-authored-by: David Walsh <davidwalsh83@gmail.com> Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com> 2021-10-01 20:53:12 +02:00			`<script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<script src="./phishing-detect.js"></script>`
Use main style bundle for phishing page (#8255) The phishing detection page had been using a separate stylesheet from the rest of MetaMask. This stylesheet (`app/fonts/index.css`) was just responsible for importing all fonts. The phishing page now uses the same stylesheet as the rest of MetaMask. The old stylesheet has been removed, leaving us with one less thing we need to maintain as fonts are changed. We may want to revisit this later to optimize performance by reducing the size of this CSS bundle to the minimal set of styles required, but the impact is tiny in practice, and not especially important in this situation. 2020-03-31 00:44:46 +02:00			`<link rel="stylesheet" type="text/css" href="./index.css" title="ltr">`
			`<link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`<style>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`* { margin: 0; padding: 0; box-sizing: border-box; }`
			`body, html { background-color: rgb(217, 88, 70);`
			`display: flex; flex-direction: column;`
			`justify-content: center; align-items: center;`
			`font-family: Roboto, Arial, sans-serif;`
			`width: 100vw; min-height: 100vh; }`
			`.content { display: flex; flex-direction: column; align-items: center;`
			`width: 80%;`
			`background-color: white; box-shadow: 0 0 15px #737373; }`
			`.content__header { display: flex; flex-direction: column; align-items: center; justify-content: center;`
			`width: 100%;`
			`color: rgb(217, 88, 70); border-bottom: 1px solid rgb(212, 212, 212);`
			`padding: 2em; }`
			`.content__header h1 { font-size: 24px; font-weight: normal; }`
			`.content__header h1 i { margin-right: 0.25em; }`
			`.content__header img { margin-bottom: 3em; width: 160px; }`
			`.content__body { background-color: rgb(245, 245, 245); font-size: 12pt; }`
			`.content__body p { margin: 2em; }`
			`.content__body p a { text-decoration: underline; color: inherit; cursor: pointer; }`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`</style>`
			`</head>`
			`<body>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<div class="content">`
			`<div class="content__header">`
			`<img src="./images/info-logo.png" alt="">`
			`<h1>`
			`<i class="fa fa-exclamation-circle" aria-hidden="true"></i>`
Update phishing.html (#13323) 2022-01-24 19:11:18 +01:00			`MetaMask Phishing Detection`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`</h1>`
			`</div>`
			`<div class="content__body">`
			`<p>`
			`This domain is currently on the MetaMask domain warning list. This means that based on information available to us,`
			`MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask`
			`has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.`
			`</p>`
			`<p>`
			`There are many reasons sites can appear on our warning list, and our warning list compiles from other widely used industry lists.`
			`Such reasons can include known fraud or security risks, such as domains that test positive on the`
			`<a href="https://github.com/metamask/eth-phishing-detect">Ethereum Phishing Detector</a>.`
			`Domains on these warning lists may include outright malicious websites and legitimate websites that have been compromised by a malicious actor.`
			`</p>`
Autofilling new issue link with url and domain (Phishing detect page) (#12000) 2021-09-03 20:22:28 +02:00			`<p>To read more about this site <a id="csdbLink" href="https://cryptoscamdb.org/search">please search for the domain on CryptoScamDB</a>.</p>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<p>`
			`Note that this warning list is compiled on a voluntary basis. This list may be inaccurate or incomplete.`
			`Just because a domain does not appear on this list is not an implicit guarantee of that domain's safety.`
			`As always, your transactions are your own responsibility. If you wish to interact with any domain on our warning list,`
			`you can do so by <a id="unsafe-continue">continuing at your own risk</a>.`
			`</p>`
			`<p>`
			`If you think this domain is incorrectly flagged or if a blocked legitimate website has resolved its security issues,`
Autofilling new issue link with url and domain (Phishing detect page) (#12000) 2021-09-03 20:22:28 +02:00			`<a id="new-issue-link" href="https://github.com/metamask/eth-phishing-detect/issues/new">please file an issue</a>.`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`</p>`
			`</div>`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`</div>`
			`</body>`
Update Phishing Html 2018-07-27 23:10:18 +02:00			`</html>`