metamask-extension/app/phishing.html

<!doctype html>
<html lang="en">
  <head>
    <title>Ethereum Phishing Detection - MetaMask</title>
    <script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
    <script src="./lockdown.js" type="text/javascript" charset="utf-8"></script>
    <script src="./runLockdown.js" type="text/javascript" charset="utf-8"></script>
    <script src="./phishing-detect.js"></script>
    <link rel="stylesheet" type="text/css" href="./index.css" title="ltr">
    <link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>
    <style>
      *                          { margin: 0; padding: 0; box-sizing: border-box; }
      body, html                 { background-color: rgb(217, 88, 70);
                                   display: flex; flex-direction: column;
                                   justify-content: center; align-items: center;
                                   font-family: Roboto, Arial, sans-serif;
                                   width: 100vw; min-height: 100vh; }
      .content                   { display: flex; flex-direction: column; align-items: center;
                                   width: 80%;
                                   background-color: white; box-shadow: 0 0 15px #737373; }
      .content__header           { display: flex; flex-direction: column; align-items: center; justify-content: center;
                                   width: 100%;
                                   color: rgb(217, 88, 70); border-bottom: 1px solid rgb(212, 212, 212);
                                   padding: 2em; }
      .content__header h1        { font-size: 24px; font-weight: normal; }
      .content__header h1 i      { margin-right: 0.25em; }
      .content__header img       { margin-bottom: 3em; width: 160px; }
      .content__body             { background-color: rgb(245, 245, 245); font-size: 12pt; }
      .content__body p           { margin: 2em; }
      .content__body p a         { text-decoration: underline; color: inherit; cursor: pointer; }
    </style>
  </head>
  <body>
    <div class="content">
      <div class="content__header">
        <img src="./images/info-logo.png" alt="">
        <h1>
          <i class="fa fa-exclamation-circle" aria-hidden="true"></i>
          Ethereum Phishing Detection
        </h1>
      </div>
      <div class="content__body">
        <p>
          This domain is currently on the MetaMask domain warning list. This means that based on information available to us,
          MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask
          has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.
        </p>
        <p>
          There are many reasons sites can appear on our warning list, and our warning list compiles from other widely used industry lists.
          Such reasons can include known fraud or security risks, such as domains that test positive on the
          <a href="https://github.com/metamask/eth-phishing-detect">Ethereum Phishing Detector</a>.
          Domains on these warning lists may include outright malicious websites and legitimate websites that have been compromised by a malicious actor.
        </p>
        <p>To read more about this site <a id="csdbLink">please search for the domain on CryptoScamDB</a>.</p>
        <p>
          Note that this warning list is compiled on a voluntary basis. This list may be inaccurate or incomplete.
          Just because a domain does not appear on this list is not an implicit guarantee of that domain's safety.
          As always, your transactions are your own responsibility. If you wish to interact with any domain on our warning list,
          you can do so by <a id="unsafe-continue">continuing at your own risk</a>.
        </p>
        <p>
          If you think this domain is incorrectly flagged or if a blocked legitimate website has resolved its security issues,
          <a href="https://github.com/metamask/eth-phishing-detect/issues/new">please file an issue</a>.
        </p>
      </div>
    </div>
  </body>
</html>
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<!doctype html>`
			`<html lang="en">`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`<head>`
fix typo in phishing.html title 2019-01-03 08:31:53 +01:00			`<title>Ethereum Phishing Detection - MetaMask</title>`
Fix SES lockdown on older browsers (#10014) On older browsers that don't support `globalThis`[1], the SES lockdown throws an error. The `globalthis` shim has been added to all pages, to the background process, and to the `contentscript`. This should prevent the error on older browsers. [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/globalThis#Browser_compatibility 2020-12-08 19:38:31 +01:00			`<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>`
Rename `lockdown.cjs` to `lockdown.js` (#10026) When you load an extension `.zip` file in Firefox, it fails to load scripts with the `.cjs` file extension. However, it works if you load the extension via the `manifest.json` file instead. After renaming the `lockdown.cjs` file to `lockdown.js`, it works in Firefox in all cases, regardless whether it's loaded by manifest or by `.zip`. 2020-12-09 16:34:11 +01:00			`<script src="./lockdown.js" type="text/javascript" charset="utf-8"></script>`
Add SES lockdown to extension webapp (#9729) * Freezeglobals: remove Promise freezing, add lockdown * background & UI: temp disable sentry * add loose-envify, dedupe symbol-observable * use loose envify * add symbol-observable patch * run freezeGlobals after sentry init * use require instead of import * add lockdown to contentscript * add error code in message * try increasing node env heap size to 2048 * change back circe CI option * make freezeGlobals an exported function * make freezeGlobals an exported function * use freezeIntrinsics * pass down env to child process * fix unknown module * fix tests * change back to 2048 * fix import error * attempt to fix memory error * fix lint * fix lint * fix mem gain * use lockdown in phishing detect * fix lint * move sentry init into freezeIntrinsics to run lockdown before other imports * lint fix * custom lockdown modules per context * lint fix * fix global test * remove run in child process * remove lavamoat-core, use ses, require lockdown directly * revert childprocess * patch package postinstall * revert back child process * add postinstall to ci * revert node max space size to 1024 * put back loose-envify * Disable sentry to see if e2e tetss pass * use runLockdown, add as script in manifest * remove global and require from runlockdown * add more memory to tests * upgrade resource class for prep-build & prep-build-test * fix lint * lint fix * upgrade remote-redux-devtools * skillfully re-add sentry * lintfix * fix lint * put back beep * remove envify, add loose-envify and patch-package in dev deps * Replace patch with Yarn resolution (#9923) Instead of patching `symbol-observable`, this ensures that all versions of `symbol-observable` are resolved to the given range, even if it contradicts the requested range. Co-authored-by: Mark Stacey <markjstacey@gmail.com> 2020-11-24 04:26:43 +01:00			`<script src="./runLockdown.js" type="text/javascript" charset="utf-8"></script>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<script src="./phishing-detect.js"></script>`
Use main style bundle for phishing page (#8255) The phishing detection page had been using a separate stylesheet from the rest of MetaMask. This stylesheet (`app/fonts/index.css`) was just responsible for importing all fonts. The phishing page now uses the same stylesheet as the rest of MetaMask. The old stylesheet has been removed, leaving us with one less thing we need to maintain as fonts are changed. We may want to revisit this later to optimize performance by reducing the size of this CSS bundle to the minimal set of styles required, but the impact is tiny in practice, and not especially important in this situation. 2020-03-31 00:44:46 +02:00			`<link rel="stylesheet" type="text/css" href="./index.css" title="ltr">`
			`<link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`<style>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`* { margin: 0; padding: 0; box-sizing: border-box; }`
			`body, html { background-color: rgb(217, 88, 70);`
			`display: flex; flex-direction: column;`
			`justify-content: center; align-items: center;`
			`font-family: Roboto, Arial, sans-serif;`
			`width: 100vw; min-height: 100vh; }`
			`.content { display: flex; flex-direction: column; align-items: center;`
			`width: 80%;`
			`background-color: white; box-shadow: 0 0 15px #737373; }`
			`.content__header { display: flex; flex-direction: column; align-items: center; justify-content: center;`
			`width: 100%;`
			`color: rgb(217, 88, 70); border-bottom: 1px solid rgb(212, 212, 212);`
			`padding: 2em; }`
			`.content__header h1 { font-size: 24px; font-weight: normal; }`
			`.content__header h1 i { margin-right: 0.25em; }`
			`.content__header img { margin-bottom: 3em; width: 160px; }`
			`.content__body { background-color: rgb(245, 245, 245); font-size: 12pt; }`
			`.content__body p { margin: 2em; }`
			`.content__body p a { text-decoration: underline; color: inherit; cursor: pointer; }`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`</style>`
			`</head>`
			`<body>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<div class="content">`
			`<div class="content__header">`
			`<img src="./images/info-logo.png" alt="">`
			`<h1>`
			`<i class="fa fa-exclamation-circle" aria-hidden="true"></i>`
			`Ethereum Phishing Detection`
			`</h1>`
			`</div>`
			`<div class="content__body">`
			`<p>`
			`This domain is currently on the MetaMask domain warning list. This means that based on information available to us,`
			`MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask`
			`has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.`
			`</p>`
			`<p>`
			`There are many reasons sites can appear on our warning list, and our warning list compiles from other widely used industry lists.`
			`Such reasons can include known fraud or security risks, such as domains that test positive on the`
			`<a href="https://github.com/metamask/eth-phishing-detect">Ethereum Phishing Detector</a>.`
			`Domains on these warning lists may include outright malicious websites and legitimate websites that have been compromised by a malicious actor.`
			`</p>`
Updating deprecated Etherscam link (#7464) Co-authored-by: Whymarrh Whitby <whymarrh.whitby@gmail.com> 2020-02-03 21:15:53 +01:00			`<p>To read more about this site <a id="csdbLink">please search for the domain on CryptoScamDB</a>.</p>`
Update design of phishing warning screen 2018-12-13 15:37:21 +01:00			`<p>`
			`Note that this warning list is compiled on a voluntary basis. This list may be inaccurate or incomplete.`
			`Just because a domain does not appear on this list is not an implicit guarantee of that domain's safety.`
			`As always, your transactions are your own responsibility. If you wish to interact with any domain on our warning list,`
			`you can do so by <a id="unsafe-continue">continuing at your own risk</a>.`
			`</p>`
			`<p>`
			`If you think this domain is incorrectly flagged or if a blocked legitimate website has resolved its security issues,`
			`<a href="https://github.com/metamask/eth-phishing-detect/issues/new">please file an issue</a>.`
			`</p>`
			`</div>`
add phishing html page, and redirect to bundled page in-window 2018-07-25 17:37:04 +02:00			`</div>`
			`</body>`
Update Phishing Html 2018-07-27 23:10:18 +02:00			`</html>`