1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-27 04:46:10 +01:00
metamask-extension/app/phishing.html
Etienne Dusseault 9f6fa64d67
Add SES lockdown to extension webapp (#9729)
* Freezeglobals: remove Promise freezing, add lockdown

* background & UI: temp disable sentry

* add loose-envify, dedupe symbol-observable

* use loose envify

* add symbol-observable patch

* run freezeGlobals after sentry init

* use require instead of import

* add lockdown to contentscript

* add error code in message

* try increasing node env heap size to 2048

* change back circe CI option

* make freezeGlobals an exported function

* make freezeGlobals an exported function

* use freezeIntrinsics

* pass down env to child process

* fix unknown module

* fix tests

* change back to 2048

* fix import error

* attempt to fix memory error

* fix lint

* fix lint

* fix mem gain

* use lockdown in phishing detect

* fix lint

* move sentry init into freezeIntrinsics to run lockdown before other imports

* lint fix

* custom lockdown modules per context

* lint fix

* fix global test

* remove run in child process

* remove lavamoat-core, use ses, require lockdown directly

* revert childprocess

* patch package postinstall

* revert back child process

* add postinstall to ci

* revert node max space size to 1024

* put back loose-envify

* Disable sentry to see if e2e tetss pass

* use runLockdown, add as script in manifest

* remove global and require from runlockdown

* add more memory to tests

* upgrade resource class for prep-build & prep-build-test

* fix lint

* lint fix

* upgrade remote-redux-devtools

* skillfully re-add sentry

* lintfix

* fix lint

* put back beep

* remove envify, add loose-envify and patch-package in dev deps

* Replace patch with Yarn resolution (#9923)

Instead of patching `symbol-observable`, this ensures that all
versions of `symbol-observable` are resolved to the given range, even
if it contradicts the requested range.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-11-24 11:26:43 +08:00

68 lines
4.0 KiB
HTML

<!doctype html>
<html lang="en">
<head>
<title>Ethereum Phishing Detection - MetaMask</title>
<script src="./lockdown.cjs" type="text/javascript" charset="utf-8"></script>
<script src="./runLockdown.js" type="text/javascript" charset="utf-8"></script>
<script src="./phishing-detect.js"></script>
<link rel="stylesheet" type="text/css" href="./index.css" title="ltr">
<link rel="stylesheet" type="text/css" href="./index-rtl.css" title="rtl" disabled>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body, html { background-color: rgb(217, 88, 70);
display: flex; flex-direction: column;
justify-content: center; align-items: center;
font-family: Roboto, Arial, sans-serif;
width: 100vw; min-height: 100vh; }
.content { display: flex; flex-direction: column; align-items: center;
width: 80%;
background-color: white; box-shadow: 0 0 15px #737373; }
.content__header { display: flex; flex-direction: column; align-items: center; justify-content: center;
width: 100%;
color: rgb(217, 88, 70); border-bottom: 1px solid rgb(212, 212, 212);
padding: 2em; }
.content__header h1 { font-size: 24px; font-weight: normal; }
.content__header h1 i { margin-right: 0.25em; }
.content__header img { margin-bottom: 3em; width: 160px; }
.content__body { background-color: rgb(245, 245, 245); font-size: 12pt; }
.content__body p { margin: 2em; }
.content__body p a { text-decoration: underline; color: inherit; cursor: pointer; }
</style>
</head>
<body>
<div class="content">
<div class="content__header">
<img src="./images/info-logo.png" alt="">
<h1>
<i class="fa fa-exclamation-circle" aria-hidden="true"></i>
Ethereum Phishing Detection
</h1>
</div>
<div class="content__body">
<p>
This domain is currently on the MetaMask domain warning list. This means that based on information available to us,
MetaMask believes this domain could currently compromise your security and, as an added safety feature, MetaMask
has restricted access to the site. To override this, please read the rest of this warning for instructions on how to continue at your own risk.
</p>
<p>
There are many reasons sites can appear on our warning list, and our warning list compiles from other widely used industry lists.
Such reasons can include known fraud or security risks, such as domains that test positive on the
<a href="https://github.com/metamask/eth-phishing-detect">Ethereum Phishing Detector</a>.
Domains on these warning lists may include outright malicious websites and legitimate websites that have been compromised by a malicious actor.
</p>
<p>To read more about this site <a id="csdbLink">please search for the domain on CryptoScamDB</a>.</p>
<p>
Note that this warning list is compiled on a voluntary basis. This list may be inaccurate or incomplete.
Just because a domain does not appear on this list is not an implicit guarantee of that domain's safety.
As always, your transactions are your own responsibility. If you wish to interact with any domain on our warning list,
you can do so by <a id="unsafe-continue">continuing at your own risk</a>.
</p>
<p>
If you think this domain is incorrectly flagged or if a blocked legitimate website has resolved its security issues,
<a href="https://github.com/metamask/eth-phishing-detect/issues/new">please file an issue</a>.
</p>
</div>
</div>
</body>
</html>