Release build 7.6.0 [ci release]

.github/workflows/release-protection.yml

@@ -0,0 +1,37 @@
+name: Delete manually created release
+
+on:
+    release:
+        types:
+            - created
+
+jobs:
+    validate-release:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Check out the repository
+              uses: actions/checkout@v3
+
+            - name: Delete Release
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              run: |
+                  echo "Deleting release: ${{ github.event.release.tag_name }}"
+                  gh release delete ${{ github.event.release.tag_name }} --yes
+
+            - name: Delete the release and tag
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              run: |
+                  echo "Deleting tag: ${{ github.event.release.tag_name }}"
+                  git tag -d ${{ github.event.release.tag_name }}
+                  git push origin --delete ${{ github.event.release.tag_name }}
+
+            - name: Why was this release deleted?
+              run: |
+                  cat <<EOF
+                  Our release process commits assets to the 'releases' branch - and that has to occur before the 
+                  git tag is created. Because of that fact, we need to prevent anyone from creating a release in the GitHub UI.
+
+                  Instead, use the release workflow.
+                  EOF

.npmrc

@@ -1 +1,2 @@
 engine-strict=true
+node-options=--no-experimental-require-module

.nvmrc

@@ -1 +1 @@
-22.11
+22

CHANGELOG.txt

@@ -1,2 +1,3 @@
-- Copy review: Site may be malicious (#266)
-- Node 22.11 (#276)
+- Malicious website protection - iOS support (#252)
+- ci: add release protection (#283)
+- Disabling experimental require module on node (#277)

build/app/public/js/base.js

@@ -14005,7 +14005,7 @@
     const isIsProtectedSet = typeof protections !== "undefined";
     const isTrackerBlockingDataSet = typeof trackerBlockingData === "object";
     const isLocaleSet = typeof locale === "string";
-    const isMaliciousSiteSet = isIOS() || maliciousSiteStatus && maliciousSiteStatus.kind !== void 0;
+    const isMaliciousSiteSet = maliciousSiteStatus && maliciousSiteStatus.kind !== void 0;
     if (!isLocaleSet || !isUpgradedHttpsSet || !isIsProtectedSet || !isTrackerBlockingDataSet || !isMaliciousSiteSet) {
       return;
     }
@@ -15015,7 +15015,7 @@
       initialScreen: screen,
       opener,
       supportsInvalidCertsImplicitly: platform2.name !== "browser" && platform2.name !== "windows",
-      supportsMaliciousSiteWarning: platform2.name === "macos",
+      supportsMaliciousSiteWarning: platform2.name === "macos" || platform2.name === "ios",
       includeToggleOnBreakageForm,
       breakageScreen,
       randomisedCategories,
@@ -15205,7 +15205,7 @@
       if (!this.tab)
         return;
       const nextState = (() => {
-        if (this.features.supportsMaliciousSiteWarning && this.tab.maliciousSiteStatus) {
+        if (this.features.supportsMaliciousSiteWarning && typeof this.tab.maliciousSiteStatus === "object") {
           const { kind } = this.tab.maliciousSiteStatus;
           if (kind === "phishing" || kind === "malware") {
             return kind;

integration-tests/ios.spec-int.js

@@ -226,6 +226,7 @@ test.describe('temporary reporting flows', () => {
             await dash.mocks.calledForAlert('missingDescription');
         });
     });
+
     test('opens to category selection from primary screen when breakageScreen param is present', async ({ page }) => {
         const dash = await DashboardPage.webkit(page, { breakageScreen: 'categorySelection', platform: 'ios' });
         await dash.reducedMotion();
@@ -271,6 +272,49 @@ test.describe('temporary reporting flows', () => {
     });
 });
 
+test.describe('phishing & malware protection', () => {
+    test('phishing warning', { tag: '@screenshots' }, async ({ page }) => {
+        /** @type {DashboardPage} */
+        const dash = await DashboardPage.webkit(page, { platform: 'ios' });
+        await dash.addState([testDataStates.phishing]);
+        await dash.screenshot('phishing-warning.png');
+        await dash.hasPhishingIcon();
+        await dash.hasPhishingHeadingText();
+        await dash.hasPhishingWarningText();
+        await dash.hasPhishingStatusText();
+        await dash.connectionLinkDoesntShow();
+    });
+
+    test('malware warning', { tag: '@screenshots' }, async ({ page }) => {
+        /** @type {DashboardPage} */
+        const dash = await DashboardPage.webkit(page, { platform: 'ios' });
+        await dash.addState([testDataStates.malware]);
+        await dash.page.pause();
+        await dash.screenshot('malware-warning.png');
+        await dash.hasMalwareIcon();
+        await dash.hasMalwareHeadingText();
+        await dash.hasMalwareWarningText();
+        await dash.hasMalwareStatusText();
+        await dash.connectionLinkDoesntShow();
+    });
+
+    test('shows report as safe link', async ({ page }) => {
+        /** @type {DashboardPage} */
+        const dash = await DashboardPage.webkit(page, { platform: 'ios' });
+        await dash.addState([testDataStates.malware]);
+        await dash.clickReportAsSafeLink();
+        await dash.mocks.calledForReportAsSafeLink('https://privacy-test-pages.site/security/badware/malware.html');
+    });
+
+    test('shows help page link', async ({ page }) => {
+        /** @type {DashboardPage} */
+        const dash = await DashboardPage.webkit(page, { platform: 'ios' });
+        await dash.addState([testDataStates.malware]);
+        await dash.clickHelpPageLink();
+        await dash.mocks.calledForHelpPagesLink();
+    });
+});
+
 test.describe('screenshots', { tag: '@screenshots' }, () => {
     const states = [
         { name: '01', state: testDataStates.protectionsOn },

shared/js/browser/macos-communication.js

@@ -89,7 +89,7 @@ const resolveInitialRender = function () {
     const isIsProtectedSet = typeof protections !== 'undefined';
     const isTrackerBlockingDataSet = typeof trackerBlockingData === 'object';
     const isLocaleSet = typeof locale === 'string';
-    const isMaliciousSiteSet = isIOS() || (maliciousSiteStatus && maliciousSiteStatus.kind !== undefined);
+    const isMaliciousSiteSet = maliciousSiteStatus && maliciousSiteStatus.kind !== undefined;
     if (!isLocaleSet || !isUpgradedHttpsSet || !isIsProtectedSet || !isTrackerBlockingDataSet || !isMaliciousSiteSet) {
         return;
     }

shared/js/browser/utils/communication-mocks.mjs

@@ -50,7 +50,7 @@ export async function mockDataProvider(params) {
     window.onChangeLocale?.(state.localeSettings);
     window.onChangeRequestData(state.url, { requests: state.requests || [] });
 
-    if (platform?.name === 'macos') {
+    if (platform?.name === 'macos' || platform?.name === 'ios') {
         window.onChangeMaliciousSiteStatus?.(state.maliciousSiteStatus);
     }
 }

shared/js/ui/platform-features.mjs

@@ -82,7 +82,7 @@ export function createPlatformFeatures(platform) {
         initialScreen: screen,
         opener,
         supportsInvalidCertsImplicitly: platform.name !== 'browser' && platform.name !== 'windows',
-        supportsMaliciousSiteWarning: platform.name === 'macos',
+        supportsMaliciousSiteWarning: platform.name === 'macos' || platform.name === 'ios',
         includeToggleOnBreakageForm,
         breakageScreen,
         randomisedCategories,

v2/data-provider.js

@@ -176,7 +176,7 @@ export class DataChannel extends EventTarget {
 
         /** @type {import('../shared/js/ui/models/site.js').PublicSiteModel['httpsState']} */
         const nextState = (() => {
-            if (this.features.supportsMaliciousSiteWarning && this.tab.maliciousSiteStatus) {
+            if (this.features.supportsMaliciousSiteWarning && typeof this.tab.maliciousSiteStatus === 'object') {
                 const { kind } = this.tab.maliciousSiteStatus;
                 if (kind === 'phishing' || kind === 'malware') {
                     return kind;