From 206b2a4b9e833b35faaadcd82bbfd04f81f61dbb Mon Sep 17 00:00:00 2001
From: "jwalden%mit.edu" <jwalden%mit.edu@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Wed, 16 Aug 2006 07:23:53 +0000
Subject: [PATCH] Bug 346942 - Finalize anti-phishing UI, part 2.  This gets
 rid of the stupid dialog we had before.  Parts of patch courtesy of Tony
 Chang, rest was me, r=mconnor

git-svn-id: svn://10.0.0.236/trunk@207566 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/browser/app/profile/firefox.js        |   3 +
 mozilla/browser/components/preferences/jar.mn |   3 +
 .../components/preferences/phishEULA.js       | 157 ++++++++++++++++++
 .../components/preferences/phishEULA.xhtml    |  16 ++
 .../components/preferences/phishEULA.xul      |  76 +++++++++
 .../components/preferences/security.js        | 110 ++++++++----
 .../components/preferences/security.xul       |   6 +-
 .../chrome/browser/preferences/phishEULA.dtd  |  14 ++
 .../preferences/preferences.properties        |  14 +-
 .../chrome/browser/safebrowsing/eula.dtd      |  17 ++
 mozilla/browser/locales/jar.mn                |   6 +-
 11 files changed, 375 insertions(+), 47 deletions(-)
 create mode 100644 mozilla/browser/components/preferences/phishEULA.js
 create mode 100644 mozilla/browser/components/preferences/phishEULA.xhtml
 create mode 100644 mozilla/browser/components/preferences/phishEULA.xul
 create mode 100644 mozilla/browser/locales/en-US/chrome/browser/preferences/phishEULA.dtd
 create mode 100644 mozilla/browser/locales/en-US/chrome/browser/safebrowsing/eula.dtd

diff --git a/mozilla/browser/app/profile/firefox.js b/mozilla/browser/app/profile/firefox.js
index d1597c621e2..45db4310b8c 100644
--- a/mozilla/browser/app/profile/firefox.js
+++ b/mozilla/browser/app/profile/firefox.js
@@ -509,6 +509,9 @@ pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrow
 pref("browser.safebrowsing.provider.0.keyURL", "https://www.google.com/safebrowsing/getkey?");
 pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
 
+// privacy policy -- must be chrome URL
+pref("browser.safebrowsing.provider.0.privacy.url", "chrome://browser/content/preferences/phishEULA.xhtml");
+
 // HTML report pages
 pref("browser.safebrowsing.provider.0.reportGenericURL", "http://www.mozilla.org/projects/bonecho/anti-phishing/report_general/?hl={moz:locale}");
 pref("browser.safebrowsing.provider.0.reportErrorURL", "http://www.mozilla.org/projects/bonecho/anti-phishing/report_error/?hl={moz:locale}");
diff --git a/mozilla/browser/components/preferences/jar.mn b/mozilla/browser/components/preferences/jar.mn
index e7a9c4909f8..35e133f1e70 100644
--- a/mozilla/browser/components/preferences/jar.mn
+++ b/mozilla/browser/components/preferences/jar.mn
@@ -25,6 +25,9 @@ browser.jar:
 *   content/browser/preferences/permissions.xul
 *   content/browser/preferences/permissions.js
 *   content/browser/preferences/permissionsutils.js
+*   content/browser/preferences/phishEULA.xul
+*   content/browser/preferences/phishEULA.js
+*   content/browser/preferences/phishEULA.xhtml
 *   content/browser/preferences/preferences.xul
 *   content/browser/preferences/privacy.xul
 *   content/browser/preferences/privacy.js
diff --git a/mozilla/browser/components/preferences/phishEULA.js b/mozilla/browser/components/preferences/phishEULA.js
new file mode 100644
index 00000000000..bd85e201b5e
--- /dev/null
+++ b/mozilla/browser/components/preferences/phishEULA.js
@@ -0,0 +1,157 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Firefox Anti-Phishing Support.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Jeff Walden <jwalden+code@mit.edu>   (original author)
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/**
+ * gPhishDialog controls the user interface for displaying the privacy policy of
+ * an anti-phishing provider. 
+ * 
+ * The caller (gSecurityPane._userAgreedToPhishingEULA in main.js) invokes this
+ * dialog with a single argument - a reference to an object with .providerNum
+ * and .userAgreed properties.  This code displays the dialog for the provider
+ * as dictated by .providerNum and loads the policy.  When that load finishes,
+ * the OK button is enabled and the user can either accept or decline the
+ * agreement (a choice which is communicated by setting .userAgreed to true if
+ * the user did indeed agree).
+ */ 
+var gPhishDialog = {
+  /**
+   * The nsIWebProgress object associated with the privacy policy frame.
+   */
+  _webProgress: null,
+
+  /**
+   * Initializes UI and starts the privacy policy loading.
+   */
+  init: function ()
+  {
+    const Cc = Components.classes, Ci = Components.interfaces;
+
+    var providerNum = window.arguments[0].providerNum;
+
+    var phishBefore = document.getElementById("phishBefore");
+    var phishAfter = document.getElementById("phishAfter");
+
+    var prefb = Cc["@mozilla.org/preferences-service;1"].
+                getService(Ci.nsIPrefService).
+                getBranch("browser.safebrowsing.provider.");
+
+    // init before-frame and after-frame strings
+    // note that description only wraps when the string is the element's
+    // *content* and *not* when it's the value attribute
+    var providerName = prefb.getCharPref(providerNum + ".name");
+    var strings = document.getElementById("bundle_phish");
+    phishBefore.textContent = strings.getFormattedString("phishBefore", [providerName]);
+    phishAfter.textContent = strings.getFormattedString("phishAfter", [providerName]);
+
+    // guaranteed to be present, because only providers with privacy policies
+    // are displayed in the prefwindow
+    var privacyURL = prefb.getComplexValue(providerNum + ".privacy.url", Ci.nsISupportsString).data;
+
+    // add progress listener to enable OK when page loads
+    var frame = document.getElementById("phishPolicyFrame");
+    var webProgress = frame.docShell
+                           .QueryInterface(Ci.nsIInterfaceRequestor)
+                           .getInterface(Ci.nsIWebProgress);
+    webProgress.addProgressListener(this._progressListener,
+                                    Ci.nsIWebProgress.NOTIFY_STATE_WINDOW);
+
+    this._webProgress = webProgress; // for easy use later
+
+    // start loading the privacyURL
+    const loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
+    frame.webNavigation.loadURI(privacyURL, loadFlags, null, null, null);
+  },
+
+  /**
+   * The nsIWebProgressListener used to watch the status of the load of the
+   * privacy policy; enables the OK button when the load completes.
+   */
+  _progressListener:
+  {
+    onStateChange: function (aWebProgress, aRequest, aStateFlags, aStatus)
+    {
+      // enable the OK button when the request completes
+      const Ci = Components.interfaces, Cr = Components.results;
+      if ((aStateFlags & Ci.nsIWebProgressListener.STATE_STOP) &&
+          (aStateFlags & Ci.nsIWebProgressListener.STATE_IS_WINDOW)) {
+        // XXX check for load failure here!
+        document.documentElement.getButton("accept").disabled = false;
+      }
+    },
+    
+    onProgressChange: function(aWebProgress, aRequest, aCurSelfProgress,
+                               aMaxSelfProgress, aCurTotalProgress,
+                               aMaxTotalProgress)
+    {
+    },
+
+    onStatusChange : function(aWebProgress, aRequest, aStatus, aMessage)
+    {
+    },
+
+    QueryInterface : function(aIID)
+    {
+      const Ci = Components.interfaces;
+      if (aIID.equals(Ci.nsIWebProgressListener) ||
+          aIID.equals(Ci.nsISupportsWeakReference) ||
+          aIID.equals(Ci.nsISupports))
+        return this;
+      throw Components.results.NS_NOINTERFACE;
+    }
+  },
+
+  /**
+   * Signals that the user accepted the privacy policy by setting the window
+   * arguments appropriately.  Note that this does *not* change preferences;
+   * the opener of this dialog handles that.
+   */
+  accept: function ()
+  {
+    window.arguments[0].userAgreed = true;
+  },
+
+  /**
+   * Clean up any XPCOM-JS cycles we may have created.
+   */
+  uninit: function ()
+  {
+    // overly aggressive, but better safe than sorry
+    this._webProgress.removeProgressListener(this._progressListener);
+    this._progressListener = this._webProgress = null;
+  }
+};
diff --git a/mozilla/browser/components/preferences/phishEULA.xhtml b/mozilla/browser/components/preferences/phishEULA.xhtml
new file mode 100644
index 00000000000..08b342c41e4
--- /dev/null
+++ b/mozilla/browser/components/preferences/phishEULA.xhtml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!DOCTYPE html [
+  <!ENTITY % htmlDTD
+    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "DTD/xhtml1-strict.dtd">
+  %htmlDTD;
+  <!ENTITY % phisheulaDTD
+    SYSTEM "chrome://browser/locale/safebrowsing/eula.dtd">
+  %phisheulaDTD;
+]>
+
+<html id="phish-eula"
+      xmlns="http://www.w3.org/1999/xhtml">
+  <body>&phish.eulatext;</body>
+</html>
diff --git a/mozilla/browser/components/preferences/phishEULA.xul b/mozilla/browser/components/preferences/phishEULA.xul
new file mode 100644
index 00000000000..9cad7e96e14
--- /dev/null
+++ b/mozilla/browser/components/preferences/phishEULA.xul
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+
+# -*- Mode: Java; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Firefox Preferences System.
+#
+# The Initial Developer of the Original Code is
+# Mozilla Corporation.
+# Portions created by the Initial Developer are Copyright (C) 2006
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Jeff Walden <jwalden+bmo@mit.edu>       (original author)
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+<?xml-stylesheet href="chrome://global/skin/"?>
+
+<!DOCTYPE dialog SYSTEM "chrome://browser/locale/preferences/phishEULA.dtd">
+
+<dialog id="phishDialog"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        title="&phishDialog.title;"
+        style="width: &phishDialog.width;; height: &phishDialog.height;;"
+        persist="screenX screenY width height"
+        onload="gPhishDialog.init();"
+        onunload="gPhishDialog.uninit();"
+        ondialogaccept="gPhishDialog.accept();"
+        buttonlabelaccept="&accept.label;"
+        buttonlabelcancel="&cancel.label;"
+        buttondisabledaccept="true">
+
+  <stringbundle id="bundle_phish"
+                src="chrome://browser/locale/preferences/preferences.properties"/>
+  <script type="application/javascript"
+          src="chrome://browser/content/preferences/phishEULA.js"/>
+
+  <description id="phishBefore"/>
+
+  <separator class="thin"/>
+
+  <vbox id="phishPolicy" flex="1">
+    <iframe id="phishPolicyFrame" type="content" flex="1" src=""/>
+  </vbox>
+
+  <separator class="thin"/>
+
+  <description id="phishAfter"/>
+
+  <separator class="thin"/>
+
+</dialog>
diff --git a/mozilla/browser/components/preferences/security.js b/mozilla/browser/components/preferences/security.js
index 107cffabd6d..3ec942c9df8 100644
--- a/mozilla/browser/components/preferences/security.js
+++ b/mozilla/browser/components/preferences/security.js
@@ -144,36 +144,43 @@ var gSecurityPane = {
 
   /**
    * Displays the currently-used phishing provider's EULA and offers the user
-   * the choice of cancelling the enabling of phishing.
+   * the choice of cancelling the enabling of phishing, but only if the user has
+   * not previously agreed to the provider's EULA before.
    *
+   * @param   providerNum
+   *          the number of the provider whose policy should be displayed
    * @returns bool
    *          true if the user still wants to enable phishing protection with
    *          the current provider, false otherwise
    */
-  _userAgreedToPhishingEULA: function ()
+  _userAgreedToPhishingEULA: function (providerNum)
   {
-    // XXX this is hackish, and there's no nice URL support -- window with
-    //     HTML file provided by anti-phishing provider later?
+    // create the opt-in preference element for the provider
+    const prefName = "browser.safebrowsing.provider." +
+                     providerNum +
+                     ".privacy.optedIn";
+    var pref = document.createElement("preference");
+    pref.setAttribute("type", "bool");
+    pref.id = prefName;
+    pref.setAttribute("name", prefName);
+    document.getElementById("securityPreferences").appendChild(pref);
 
-    // XXX cache the EULAs to which the user has agreed so switching from
-    //     "foo"->"bar" shows the EULA, but then a "bar"->"foo" check
-    //     doesn't display the EULA again
+    // only show privacy policy if it hasn't already been shown or the user
+    // hasn't agreed to it
+    if (!pref.value) {
+      var rv = { userAgreed: false, providerNum: providerNum };
+      document.documentElement.openSubDialog("chrome://browser/content/preferences/phishEULA.xul",
+                                             "resizable", rv);
 
-    const Cc = Components.classes, Ci = Components.interfaces;
-    const IPS = Ci.nsIPromptService;
-    var ips = Cc["@mozilla.org/embedcomp/prompt-service;1"]
-                .getService(IPS);
-    var bundle = document.getElementById("bundlePreferences");
-    var btnPressed = ips.confirmEx(window,
-                                   bundle.getString("phishEULATitle"),
-                                   bundle.getString("phishEULAText"),
-                                   IPS.BUTTON_POS_0 * IPS.BUTTON_TITLE_IS_STRING +
-                                     IPS.BUTTON_POS_1 * IPS.BUTTON_TITLE_IS_STRING,
-                                   bundle.getString("phishEULAOK"),
-                                   bundle.getString("phishEULACancel"),
-                                   "",
-                                   "", {});
-    return (btnPressed == 0);
+      // mark this provider as having had its privacy policy accepted if it was
+      if (rv.userAgreed)
+        pref.value = true;
+
+      return rv.userAgreed;
+    }
+
+    // user has previously agreed
+    return true;
   },
 
   /**
@@ -202,9 +209,11 @@ var gSecurityPane = {
   writePhishChoice: function ()
   {
     var radio = document.getElementById("checkPhishChoice");
+    var provider = document.getElementById("browser.safebrowsing.dataProvider");
 
     // display a privacy policy if onload checking is being enabled
-    if (radio.value == "true" && !this._userAgreedToPhishingEULA()) {
+    if (radio.value == "true" &&
+        !this._userAgreedToPhishingEULA(provider.value)) {
       radio.value = "false";
       return false;
     }
@@ -224,32 +233,62 @@ var gSecurityPane = {
     var popup = document.getElementById(onloadPopupId);
 
     if (!popup) {
-      var providers = Cc["@mozilla.org/preferences-service;1"]
-                        .getService(Ci.nsIPrefService)
-                        .getBranch("browser.safebrowsing.provider.");
+      var providerBranch = Cc["@mozilla.org/preferences-service;1"]
+                             .getService(Ci.nsIPrefService)
+                             .getBranch("browser.safebrowsing.provider.");
 
-      // fill in onload phishing list data
-      var kids = providers.getChildList("", {});
+      // fill in onload phishing list data -- but require a privacy policy
+      // URL be provided, and require it to be at a chrome URL so it's always
+      // available
+      var kids = providerBranch.getChildList("", {});
+      var providers = [];
+      var hasPrivacyPolicy = {};
       for (var i = 0; i < kids.length; i++) {
         var curr = kids[i];
-        var matches = curr.match(/^(\d+)\.name$/);
+        var matchesName = curr.match(/^(\d+)\.name$/);
+        var matchesPolicy = curr.match(/^(\d+)\.privacy\.url$/);
 
-        // skip preferences not of form "##.name"
-        if (!matches)
+        // skip preferences which aren't names or privacy URLs
+        if (!matchesName && !matchesPolicy)
           continue;
 
+        if (matchesName)
+          providers.push(matchesName[1]);
+        else
+          hasPrivacyPolicy[matchesPolicy[1]] = true;
+      }
+
+      // construct the menu only from the providers with policies
+      for (var i = 0; i < providers.length; i++) {
+        // skip providers without a privacy policy
+        if (!(providers[i] in hasPrivacyPolicy))
+          continue;
+
+        // ensure privacy URL is a chrome URL
+        try {
+          var providerNum = providers[i];
+          var url = providerBranch.getCharPref(providerNum + ".privacy.url");
+          var scheme = Cc["@mozilla.org/network/io-service;1"].
+                       getService(Ci.nsIIOService).
+                       extractScheme(url);
+          if (scheme != "chrome")
+            throw "scheme must be chrome";
+        }
+        catch (e) {
+          // don't add this provider
+          continue;
+        }
+
         if (!popup) {
           popup = document.createElement("menupopup");
           popup.id = onloadPopupId;
         }
 
-        var providerNum = matches[1];
-        var providerName = providers.getCharPref(curr);
+        var providerName = providerBranch.getCharPref(providerNum + ".name");
 
         var item = document.createElement("menuitem");
         item.setAttribute("value", providerNum);
         item.setAttribute("label", providerName);
-
         popup.appendChild(item);
       }
 
@@ -267,7 +306,8 @@ var gSecurityPane = {
    */
   onProviderChanged: function ()
   {
-    if (!this._userAgreedToPhishingEULA()) {
+    var pref = document.getElementById("browser.safebrowsing.dataProvider");
+    if (!this._userAgreedToPhishingEULA(pref.value)) {
       this._disableOnloadPhishChecks();
     }
   },
diff --git a/mozilla/browser/components/preferences/security.xul b/mozilla/browser/components/preferences/security.xul
index 7a5ce078abb..c9239c0c6b5 100644
--- a/mozilla/browser/components/preferences/security.xul
+++ b/mozilla/browser/components/preferences/security.xul
@@ -50,14 +50,16 @@
   <prefpane id="paneSecurity" onpaneload="gSecurityPane.init();"
             helpTopic="prefs-security" helpURI="chrome://browser/locale/help/help.rdf">
 
-    <preferences>
+    <preferences id="securityPreferences">
       <!-- XXX buttons -->
       <preference id="pref.privacy.disable_button.view_passwords"
                   name="pref.privacy.disable_button.view_passwords"
                   type="bool"/>
 
       <!-- Add-ons, phishing -->
-      <preference id="xpinstall.whitelist.required"   name="xpinstall.whitelist.required"   type="bool"/>
+      <preference id="xpinstall.whitelist.required"
+                  name="xpinstall.whitelist.required"
+                  type="bool"/>
       <preference id="browser.safebrowsing.enabled"
                   name="browser.safebrowsing.enabled"
                   type="bool"/>
diff --git a/mozilla/browser/locales/en-US/chrome/browser/preferences/phishEULA.dtd b/mozilla/browser/locales/en-US/chrome/browser/preferences/phishEULA.dtd
new file mode 100644
index 00000000000..ddb40b6aeab
--- /dev/null
+++ b/mozilla/browser/locales/en-US/chrome/browser/preferences/phishEULA.dtd
@@ -0,0 +1,14 @@
+<!ENTITY phishDialog.title  "Phishing Protection Privacy Agreement">
+
+<!-- LOCALIZATION NOTE:
+     The following entities contain sizing information for the phishing privacy
+     agreement dialog, which is opened when you select the "Check by asking"
+     option as how the browser checks for phishing attempts (if you haven't
+     already agreed with the policy for that provider; once you agree to a
+     provider's policy, you don't see it again).
+-->
+<!ENTITY phishDialog.height   "35em">
+<!ENTITY phishDialog.width    "35em">
+
+<!ENTITY accept.label         "Accept and Continue">
+<!ENTITY cancel.label         "Cancel">
diff --git a/mozilla/browser/locales/en-US/chrome/browser/preferences/preferences.properties b/mozilla/browser/locales/en-US/chrome/browser/preferences/preferences.properties
index 21580cdbe7a..c6fe5c60295 100644
--- a/mozilla/browser/locales/en-US/chrome/browser/preferences/preferences.properties
+++ b/mozilla/browser/locales/en-US/chrome/browser/preferences/preferences.properties
@@ -16,14 +16,12 @@ addReader=Add New Reader...
 
 #### Security
 
-# LOCALIZATION NOTE:
-#   the next strings (phishEULATitle and phishEULAText) are here for b1 only;
-#   don't bother localizing them unless you've localized everything else,
-#   because they're going away because this is clearly a gross hack
-phishEULATitle=Anti-Phishing Privacy Policy
-phishEULAText=If you choose Google as your provider for Safe Browsing in Enhanced Protection mode, Google will receive the URLs of pages you visit for evaluation.  When you click to accept, reject, or close the warning message that Safe Browsing gives you about a suspicious page, Google will log your action and the URL of the page.  Google will receive standard log information <http://www.google.com/privacy_faq.html#serverlogs>, including a cookie, as part of this process.  Google will not associate the information that Safe Browsing logs with other personal information about you. However, it is possible that a URL sent to Google may itself contain personal information.  Please see the Google Privacy Policy <http://www.google.com/privacypolicy.html> for more information.  Do you wish to use Google as your Safe Browsing provider?
-phishEULACancel=Disable Safe Browsing
-phishEULAOK=Use Google
+# LOCALIZATION NOTE: phishBefore and phishAfter use %S to represent the name of
+#                    the provider whose privacy policy must be accepted (for
+#                    enabling check-every-page-as-I-load-it phishing
+#                    protection).
+phishBefore=Selecting this option will send the address of web pages you are viewing to %S. To continue, please review the following privacy agreement:
+phishAfter=Do you want to accept this privacy agreement and ask %S about each site you visit?
 
 setMasterPassword=Set Master Password...
 setMasterPassword_accesskey=M
diff --git a/mozilla/browser/locales/en-US/chrome/browser/safebrowsing/eula.dtd b/mozilla/browser/locales/en-US/chrome/browser/safebrowsing/eula.dtd
new file mode 100644
index 00000000000..6e02301cb51
--- /dev/null
+++ b/mozilla/browser/locales/en-US/chrome/browser/safebrowsing/eula.dtd
@@ -0,0 +1,17 @@
+<!ENTITY phish.eulatext "If you choose to check with Google about each site
+you visit, Google will receive the URLs of pages you visit for evaluation. 
+When you click to accept, reject, or close the warning message that Phishing
+Protection gives you about a suspicious page, Google will log your action
+and the URL of the page.  Google will receive standard
+<a href='http://www.google.com/privacy_faq.html#serverlogs'
+   onclick='window.open(this.href);return false;'>log information</a>,
+including a cookie, as part of this process.  Google will not associate the
+information that Phishing Protection logs with other personal information
+about you. However, it is possible that a
+<a href='http://www.google.com/privacy_faq.html#urls'
+   onclick='window.open(this.href);return false;'>URL</a> sent to Google may
+itself contain personal information.  Please see the
+<a href='http://www.google.com/privacypolicy.html'
+   onclick='window.open(this.href);return false;'>Google Privacy Policy</a>
+for more information.
+">
diff --git a/mozilla/browser/locales/jar.mn b/mozilla/browser/locales/jar.mn
index 2b598ee9662..7c39dc062a7 100644
--- a/mozilla/browser/locales/jar.mn
+++ b/mozilla/browser/locales/jar.mn
@@ -40,8 +40,9 @@
 *   locale/browser/bookmarks/bookmarksProperties.dtd (%chrome/browser/bookmarks/bookmarksProperties.dtd)
 #endif
 #ifdef MOZ_SAFE_BROWSING
-     locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
-     locale/browser/safebrowsing/report-phishing.dtd                    (%chrome/browser/safebrowsing/report-phishing.dtd)
+    locale/browser/safebrowsing/phishing-afterload-warning-message.dtd (%chrome/browser/safebrowsing/phishing-afterload-warning-message.dtd)
+    locale/browser/safebrowsing/report-phishing.dtd                    (%chrome/browser/safebrowsing/report-phishing.dtd)
+    locale/browser/safebrowsing/eula.dtd                               (%chrome/browser/safebrowsing/eula.dtd)
 #endif
 #ifdef MOZ_FEEDS
     locale/browser/feeds/subscribe.dtd              (%chrome/browser/feeds/subscribe.dtd)
@@ -65,6 +66,7 @@
     locale/browser/preferences/main.dtd               (%chrome/browser/preferences/main.dtd)
     locale/browser/preferences/languages.dtd          (%chrome/browser/preferences/languages.dtd)
     locale/browser/preferences/permissions.dtd        (%chrome/browser/preferences/permissions.dtd)
+    locale/browser/preferences/phishEULA.dtd          (%chrome/browser/preferences/phishEULA.dtd)
     locale/browser/preferences/preferences.dtd        (%chrome/browser/preferences/preferences.dtd)
     locale/browser/preferences/preferences.properties (%chrome/browser/preferences/preferences.properties)
     locale/browser/preferences/privacy.dtd            (%chrome/browser/preferences/privacy.dtd)