Move phishing warning to the extension

[bdresser]

Bounty: rather than redirect users to our website to show the phishing warning, we should bundle the phishing page with the extension and show it full-page when the user hits a flagged site.

This prevents the small privacy leak for users hitting our site and also removes phishing.html as a target of attack.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 4 months, 1 week from now.
Please review their action plans below:

1) kelvintyb has started work.

Can complete within the week

Learn more on the Gitcoin Issue Details page.

[gitcoinbot]

@kelvintyb Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[kelvintyb]

@bdresser can I clarify if the specification for showing the phishing.html full page refers to showing it within popup.html or as a separate window using either tabs.create() or windows.create()?

[bdresser]

we want to redirect the blocked page to a full-screen version of the extension. no new tab.

basically exactly the same as current behavior, except instead of hitting metamask.io/phishing.html the user sees the same page loaded from the extension.

@alextsg anything to add?

[alextsg]

This task will look something like adding a component for the phishing warning page and its route to ui/app/routes.js (something like PHISHING_WARNING_ROUTE = '/phishing-warning'), and then in app/scripts/contentscript.js, the function redirectToPhishingWarning can use extension.runtime.getURL(PHISHING_WARNING_ROUTE) to redirect to the phishing warning component.

[kelvintyb]

Thanks for the input guys :)

Is this the intended behaviour? I'm doing it slightly differently from Alex's approach since it's redirecting the current window to a html page bundled in the extension itself (see the URL). Not exactly a full screen version of the popup.html, but I'm unsure if that really works for blocking interaction with the window.

[bdresser]

@kelvintyb this looks good to me. @alextsg?

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 0.065 ETH (31.07 USD @ $477.97/ETH) has been submitted by:

1. @kelvintyb

@bdresser please take a look at the submitted work:

• PR by @kelvintyb

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $30,949.53 more funded OSS Work available on the Gitcoin Issue Explorer

[kelvintyb]

@bdresser appreciate if you could accept this submission on gitcoin so the bounty can be completed. thanks!

[bdresser]

@kelvintyb done. sorry for the delay and thanks for your work!