1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 /** 6 * HSTS is HTTPS Strict Transport Security: a way for sites to elect to always 7 * use HTTPS. See http://dev.chromium.org/sts 8 * 9 * This UI allows a user to query and update the browser's list of HSTS domains. 10 11 * @constructor 12 */ 13 function HSTSView(mainBoxId, queryInputId, formId, queryOutputDivId, 14 addInputId, addFormId, addCheckId, addPinsId, 15 deleteInputId, deleteFormId) { 16 DivView.call(this, mainBoxId); 17 18 this.queryInput_ = document.getElementById(queryInputId); 19 this.addCheck_ = document.getElementById(addCheckId); 20 this.addInput_ = document.getElementById(addInputId); 21 this.addPins_ = document.getElementById(addPinsId); 22 this.deleteInput_ = document.getElementById(deleteInputId); 23 this.queryOutputDiv_ = document.getElementById(queryOutputDivId); 24 25 var form = document.getElementById(formId); 26 form.addEventListener('submit', this.onSubmitQuery_.bind(this), false); 27 form = document.getElementById(addFormId); 28 form.addEventListener('submit', this.onSubmitAdd_.bind(this), false); 29 form = document.getElementById(deleteFormId); 30 form.addEventListener('submit', this.onSubmitDelete_.bind(this), false); 31 32 g_browser.addHSTSObserver(this); 33 } 34 35 inherits(HSTSView, DivView); 36 37 HSTSView.prototype.onSubmitQuery_ = function(event) { 38 g_browser.sendHSTSQuery(this.queryInput_.value); 39 event.preventDefault(); 40 }; 41 42 HSTSView.prototype.onSubmitAdd_ = function(event) { 43 g_browser.sendHSTSAdd(this.addInput_.value, 44 this.addCheck_.checked, 45 this.addPins_.value); 46 g_browser.sendHSTSQuery(this.addInput_.value); 47 this.queryInput_.value = this.addInput_.value; 48 this.addCheck_.checked = false; 49 this.addInput_.value = ''; 50 this.addPins_.value = ''; 51 event.preventDefault(); 52 }; 53 54 HSTSView.prototype.onSubmitDelete_ = function(event) { 55 g_browser.sendHSTSDelete(this.deleteInput_.value); 56 this.deleteInput_.value = ''; 57 event.preventDefault(); 58 }; 59 60 function hstsModeToString(m) { 61 if (m == 0) { 62 return 'STRICT'; 63 } else if (m == 1) { 64 return 'OPPORTUNISTIC'; 65 } else if (m == 2) { 66 return 'SPDY'; 67 } else { 68 return 'UNKNOWN'; 69 } 70 } 71 72 function yellowFade(element) { 73 element.style.webkitTransitionProperty = 'background-color'; 74 element.style.webkitTransitionDuration = '0'; 75 element.style.backgroundColor = '#fffccf'; 76 setTimeout(function() { 77 element.style.webkitTransitionDuration = '1000ms'; 78 element.style.backgroundColor = '#fff'; 79 }, 0); 80 } 81 82 HSTSView.prototype.onHSTSQueryResult = function(result) { 83 if (result.error != undefined) { 84 this.queryOutputDiv_.innerHTML = ''; 85 s = addNode(this.queryOutputDiv_, 'span'); 86 s.innerText = result.error; 87 s.style.color = 'red'; 88 yellowFade(this.queryOutputDiv_); 89 return; 90 } 91 92 if (result.result == false) { 93 this.queryOutputDiv_.innerHTML = '<b>Not found</b>'; 94 yellowFade(this.queryOutputDiv_); 95 return; 96 } 97 98 this.queryOutputDiv_.innerHTML = ''; 99 100 s = addNode(this.queryOutputDiv_, 'span'); 101 s.innerHTML = '<b>Found</b>: mode: '; 102 103 t = addNode(this.queryOutputDiv_, 'tt'); 104 t.innerText = hstsModeToString(result.mode); 105 106 addTextNode(this.queryOutputDiv_, ' include_subdomains:'); 107 108 t = addNode(this.queryOutputDiv_, 'tt'); 109 t.innerText = result.subdomains; 110 111 addTextNode(this.queryOutputDiv_, ' domain:'); 112 113 t = addNode(this.queryOutputDiv_, 'tt'); 114 t.innerText = result.domain; 115 116 addTextNode(this.queryOutputDiv_, ' is_preloaded:'); 117 118 t = addNode(this.queryOutputDiv_, 'tt'); 119 t.innerText = result.preloaded; 120 121 addTextNode(this.queryOutputDiv_, ' pubkey_hashes:'); 122 123 t = addNode(this.queryOutputDiv_, 'tt'); 124 t.innerText = result.public_key_hashes; 125 126 yellowFade(this.queryOutputDiv_); 127 } 128
