Fix back navigation and omnibar text

[CrisBarreiro]

Task/Issue URL: https://app.asana.com/0/72649045549333/1209457528786121

Description

Fixes the following issues:

• URL on the omnibar isn't correctly updated for local blocks
  • when navigating to a malicious site from a link in a safe one, URL for error page isn't updated in the omnibar
  • when opening a malicious site from the omnibar in a safe page, and navigating back from the error, the URL on the omnibar isn't updated and the safe site displays the malicious site URL
• Cookie prompt pop-up from previous site can be seen in error page
• Omnibar icon in error page highlighted during onboarding
• Search icon shown on accept risk and visit site
• Restrict menu items for error page
  • Show a subset of menu items for malicious site error page, similar to the one we show in the home page, so that users can't save the error page as a bookmark/favorite, print it, fireproof, find in page, etc.

Steps to test this PR

Run all test cases from new tab page

1

• Open wikipedia.org
• Open https://privacy-test-pages.site/security/badware/phishing.html, check the omnibar URL is correct
• Navigate back
• Notice wikipedia is loaded with the right omnibar text and icon, even after reload

2

• Open reddit.com
• Once the trackers animation starts to show, navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Check the omnibar URL is https://privacy-test-pages.site/security/badware/phishing.html
• Check trackers animation isn't shown in error page

3

• Open cnn.com
• Open https://privacy-test-pages.site/security/badware/phishing.html
• Check no cookies animation is shown on the error page

4

• Open https://privacy-test-pages.site/security/badware/phishing.html
• Click learn more
• Navigate back
• Check omnibar isn't focused when navigating back and showing error page

5

• Open https://privacy-test-pages.site/security/badware/
• Navigate to Standard Phishing Page
• Check Globe icon is shown
• Check the omnibar URL is https://privacy-test-pages.site/security/badware/phishing.html
• Check menu items don't allow to add bookmark, print, or disable protections

6

• Open wikipedia.org
• Go to tab switcher, check there's a preview for Wikipedia with the Wikipedia favicon
• Open https://privacy-test-pages.site/security/badware/phishing.html
• Wait for the error page to show
• Open tab switcher
• Check there's no preview anymore, and the Wikipedia favicon has disappeared

7

• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Accept the risk and visit site
• Check when the page loads, the omnibar icon is a red dot
• Refresh the page
• Check the omnibar icon remains a red dot
• Navigate to reddit.com
• Check privacy shield is shown

8

• Open wikipedia.org
• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Accept the risk and visit site
• Check when the page loads, the omnibar icon is a red dot
• Refresh the page
• Check the omnibar icon remains a red dot
• Navigate to reddit.com
• Check privacy shield is shown

9

• Open wikipedia.org
• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Navigate to reddit.com
• Check reddit is loaded normally

10

• Open reddit.com
• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Accept the risk and visit site
• Check when the page loads, the omnibar icon is a red dot. Note: You might see the trackers blocked animation
• Refresh the page
• Check the omnibar icon remains a red dot
• Navigate to wikipedia.com
• Check privacy shield is shown

11

• Open reddit.com
• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Navigate to wikipedia.com
• Check wikipedia is loaded normally

12

• Fresh install the app
• Complete the onboarding until a site with trackers is loaded
• Load https://privacy-test-pages.site/security/badware/phishing.html
• Check no omnibar icons are highlighted

13

• Open wikipedia.org
• Navigate to https://privacy-test-pages.site/security/badware/phishing.html
• Accept risk and visit site
• Navigate back
• Check correct privacy shield icon is shown for wikipedia

[CrisBarreiro]

• Fix back navigation and omnibar text #5656 👈 (View in Graphite)
• develop

This stack of pull requests is managed by Graphite. Learn more about stacking.

[cmonfortep]

Good job here @CrisBarreiro Most of the issues are gone and I like you moved into the viewmodel some checks we were doing in the UI.

Your test cases worked well, however found 2 issues we should look into. I will post a video in the Asana task.

[cmonfortep]

am I right to think in the future we might check any error instead of just malicious Site blocked? If so, let's just leave a comment indicating that. Example: "currently only checking maliciousSiteBlocked, but we could expand logic to other errors"

[CrisBarreiro]

I don't know. I did it this way cause I didn't want the keyboard to show on this specific error, but didn't want to change the behavior for other error pages. That being said, I plan to refactor BrowserViewState in the future and have a single sealed class for status, rather than individual booleans that shouldn't all be true at the same time, but that we don't enforce in any way

[cmonfortep]

Haven't tested yet, but If we hide waning, we could also update the privacy shield status to avoid showing the red warning until next page loads.

[CrisBarreiro]

Added to recoverFromWarningPage()

[cmonfortep]

Apart from warning about something observed while implementing malicious sites, it's not fully clear to me what's the expectation here, or if this will be clear to everyone.
"Calling this method when an error page is shown might cause unexpected issues" is it about calling this when error is shown or calling this if we have blocked the request?
"Specifically, malicious site protection might prevent a page load from starting altogether, which means by stopping the WebView, we're effectively stopping the load for the previously loaded page. " This is our scenario, but does the same apply to other errors? For example, I assume SSL this is not a problem. If this is correct, being more specific about the issue could be more useful. For example does it apply to all errors or only those which stop page loading? is it same blocking vs stopping once it has started? Do we have a suggestion on what's the right way to handle this?

[CrisBarreiro]

Apart from warning about something observed while implementing malicious sites, it's not fully clear to me what's the expectation here, or if this will be clear to everyone.

The expectation here is to not make this method public in the API anymore, so we can't call it directly from the Fragment or WebView client

"Calling this method when an error page is shown might cause unexpected issues" is it about calling this when error is shown or calling this if we have blocked the request?

This is about calling this method when we block a request locally, before onPageStarted has been executed. One of the steps we take when blocking a request (locally or not) is to stop the WebView client, which triggers onStop and onProgressChanged callbacks for the previous page (the one that's currently loaded in the WebView, because the malicious one never went that far). This creates an inconsistent state, which is what I'm trying to prevent.

"Specifically, malicious site protection might prevent a page load from starting altogether, which means by stopping the WebView, we're effectively stopping the load for the previously loaded page. " This is our scenario, but does the same apply to other errors? For example, I assume SSL this is not a problem.

This isn't an issue for other errors, because we never block the request before leaving the device in such cases, and the same happens if we block a site after it's already been loaded

I'll revisit the comment to be more specific

[cmonfortep]

I'm trying to understand why the check is here.
In other similar methods like updatePrivacyProtectionState we don't have it.
Also privacyProtectionDisabled will be true if site is blocked, which for me that represents privacy protections enabled. can you elaborate why this check?

[CrisBarreiro]

val privacyProtectionDisabled, which I'm assigning here, is what's used to then assign privacyOn in LoadingViewState. privacyOn is then used to determine whether or not the trackers blocked animation needs to be shown. Therefore, if maliciousSiteBlocked (which could be renamed to maliciousSiteWarningShowing), we need to set privacyOn to false. For clarity, I've renamed privacyOn to trackersAnimationEnabled

In other similar methods like updatePrivacyProtectionState we don't have it.

updatePrivacyProtectionState is meant to update isPrivacyProtectionDisabled, which is only used to display the entry to enable/disable protections in the context menu, and we're hiding that entry

Also privacyProtectionDisabled will be true if site is blocked, which for me that represents privacy protections enabled. can you elaborate why this check?

The why is explained above, but I can update the naming

[cmonfortep]

This methods seems to be the exception, as it's the only one not checking if (!currentBrowserViewState().maliciousSiteBlocked). why?

[CrisBarreiro]

Because this means the WebView is actually starting to load the page, as opposed to the page being loaded before it starts to load

[cmonfortep]

You have BrowserStateModifier.copyForHomeShowing, you can rely on that for most of the state changes, add yours there, etc.

[cmonfortep]

NIT: this can be extracted into ViewState as

data class ViewState(
    // ... properties ...
) {
        fun shouldUpdateOmnibarText(): Boolean {
            return this.viewMode is ViewMode.Browser || this.viewMode is ViewMode.MaliciousSiteWarning
        }
}