This CL makes the safe browsing interstitial page support multiple unsafe resources in one page.

We had a bug when an interstitial was showing and another unsafe resource was detected. We would show another interstitial on top of the original one, causing the DontProceed method to be invoked several times. That would cause us to remove more than once an entry from the navigation controller and cause crashers.

With this new CL, if an interstitial shows and a new resource is flagged as bad, the SafeBrowsingBlockingPage will queue that notification. If the user decides to proceed through the interstitial, we'll create another interstitial warning about all the unsafe resources we have received so far.

This CL also contains a fix for a crasher that would happen when closing a tab with a safe browsing interstitial.

BUG=5916,6207,6306
TEST=Test all actions in the interstitial you get when opening pages with the followin scenarios:
- Main page is malware
- Main page is fishing
- Main page is OK contains resources (images,iframes...) which are malware
- Main page is OK contains resources (images,iframes...) which are phishing
- Main page is OK contains resources (images,iframes...) some of them phishing, some of then malware.
Note that when there are more than one bad resource, it is normal to see a 1st interstitial, then another one listing all the other bad resources.
(ex of malware site http://ianfette.org, phishing site http://cvisit.tripod.com)
Review URL: http://codereview.chromium.org/18346

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8578 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 324 insertions, 109 deletions

diff --git a/chrome/browser/safe_browsing/safe_browsing_blocking_page.cc b/chrome/browser/safe_browsing/safe_browsing_blocking_page.cc
index 4d34450..c6b6feb 100644
--- a/chrome/browser/safe_browsing/safe_browsing_blocking_page.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_blocking_page.cc
@@ -6,6 +6,7 @@
 
 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h"
 
+#include "base/string_util.h"
 #include "chrome/app/locales/locale_settings.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browser_resources.h"
@@ -38,23 +39,25 @@ static const char* const kSbReportPhishingUrl =
     "http://www.google.com/safebrowsing/report_error/";
 
 static const wchar_t* const kSbDiagnosticHtml =
-    L"<a href=\"\" onClick=\"sendCommand(4); return false;\" onMouseDown=\"return false;\">%ls</a>";
+    L"<a href=\"\" onClick=\"sendCommand('showDiagnostic'); return false;\" onMouseDown=\"return false;\">%ls</a>";
+
+// The commands returned by the page when the user performs an action.
+static const char* const kShowDiagnosticCommand = "showDiagnostic";
+static const char* const kReportErrorCommand = "reportError";
+static const char* const kLearnMoreCommand = "learnMore";
+static const char* const kProceedCommand = "proceed";
+static const char* const kTakeMeBackCommand = "takeMeBack";
 
 SafeBrowsingBlockingPage::SafeBrowsingBlockingPage(
     SafeBrowsingService* sb_service,
-    const SafeBrowsingService::BlockingPageParam& param)
-    : InterstitialPage(tab_util::GetWebContentsByID(
-          param.render_process_host_id, param.render_view_id),
-                       param.resource_type == ResourceType::MAIN_FRAME,
-                       param.url),
+    WebContents* web_contents,
+    const UnsafeResourceList& unsafe_resources)
+    : InterstitialPage(web_contents,
+                       IsMainPage(unsafe_resources),
+                       unsafe_resources[0].url),
       sb_service_(sb_service),
-      client_(param.client),
-      render_process_host_id_(param.render_process_host_id),
-      render_view_id_(param.render_view_id),
-      result_(param.result),
-      proceed_(false),
-      did_notify_(false),
-      is_main_frame_(param.resource_type == ResourceType::MAIN_FRAME) {
+      unsafe_resources_(unsafe_resources),
+      is_main_frame_(IsMainPage(unsafe_resources)) {
   if (!is_main_frame_) {
     navigation_entry_index_to_remove_ =
         tab()->controller()->GetLastCommittedEntryIndex();
@@ -72,84 +75,200 @@ std::string SafeBrowsingBlockingPage::GetHTMLContents() {
   ResourceBundle& rb = ResourceBundle::GetSharedInstance();
   std::string html;
 
-  if (result_ == SafeBrowsingService::URL_MALWARE) {
-    std::wstring link = StringPrintf(kSbDiagnosticHtml,
-        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DIAGNOSTIC_PAGE).
-            c_str());
-
-    strings.SetString(L"badURL", UTF8ToWide(url().host()));
-    strings.SetString(L"title",
-                      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_TITLE));
-    strings.SetString(L"headLine",
-                      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_HEADLINE));
-
-    // Check to see if we're blocking the main page, or a sub-resource on the
-    // main page.
-    if (is_main_frame_) {
-      strings.SetString(L"description1",
-          l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION1,
-                                UTF8ToWide(url().host())));
-      strings.SetString(L"description2",
-          l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION2,
-                                link,
-                                UTF8ToWide(url().host())));
-    } else {
-      strings.SetString(L"description1",
-          l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION4,
-                                UTF8ToWide(tab()->GetURL().host()),
-                                UTF8ToWide(url().host())));
-      strings.SetString(L"description2",
-          l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION5,
-                                link,
-                                UTF8ToWide(url().host())));
-    }
+  if (unsafe_resources_.empty()) {
+    NOTREACHED();
+    return std::string();
+  }
 
-    strings.SetString(L"description3",
-        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION3));
-    strings.SetString(L"confirm_text",
-        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION_AGREE));
-    strings.SetString(L"continue_button",
-        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_PROCEED_BUTTON));
-    strings.SetString(L"back_button",
-        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_BACK_BUTTON));
-    strings.SetString(L"textdirection",
-        (l10n_util::GetTextDirection() == l10n_util::RIGHT_TO_LEFT) ?
-        L"rtl" : L"ltr");
+  if (unsafe_resources_.size() > 1) {
+    PopulateMultipleThreatStringDictionary(&strings);
+    html = rb.GetDataResource(IDR_SAFE_BROWSING_MULTIPLE_THREAT_BLOCK);
+  } else if (unsafe_resources_[0].threat_type ==
+             SafeBrowsingService::URL_MALWARE) {
+    PopulateMalwareStringDictionary(&strings);
     html = rb.GetDataResource(IDR_SAFE_BROWSING_MALWARE_BLOCK);
   } else {  // Phishing.
-    strings.SetString(L"title",
-                      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_TITLE));
-    strings.SetString(L"headLine",
-        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_HEADLINE));
-    strings.SetString(L"description1",
-        l10n_util::GetStringF(IDS_SAFE_BROWSING_PHISHING_DESCRIPTION1,
-                              UTF8ToWide(url().host())));
-    strings.SetString(L"description2",
-        l10n_util::GetStringF(IDS_SAFE_BROWSING_PHISHING_DESCRIPTION2,
-                              UTF8ToWide(url().host())));
-
-    strings.SetString(L"continue_button",
-        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_PROCEED_BUTTON));
-    strings.SetString(L"back_button",
-        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_BACK_BUTTON));
-    strings.SetString(L"report_error",
-        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_REPORT_ERROR));
-    strings.SetString(L"textdirection",
-        (l10n_util::GetTextDirection() == l10n_util::RIGHT_TO_LEFT) ?
-        L"rtl" : L"ltr");
+    DCHECK(unsafe_resources_[0].threat_type ==
+           SafeBrowsingService::URL_PHISHING);
+    PopulatePhishingStringDictionary(&strings);
     html = rb.GetDataResource(IDR_SAFE_BROWSING_PHISHING_BLOCK);
   }
 
   return jstemplate_builder::GetTemplateHtml(html, &strings, "template_root");
 }
 
-void SafeBrowsingBlockingPage::CommandReceived(const std::string& command) {
-  if (command == "2") {
+void SafeBrowsingBlockingPage::PopulateStringDictionary(
+    DictionaryValue* strings,
+    const std::wstring& title,
+    const std::wstring& headline,
+    const std::wstring& description1,
+    const std::wstring& description2,
+    const std::wstring& description3) {
+  strings->SetString(L"title", title);
+  strings->SetString(L"headLine", headline);
+  strings->SetString(L"description1", description1);
+  strings->SetString(L"description2", description2);
+  strings->SetString(L"description3", description3);
+}
+
+void SafeBrowsingBlockingPage::PopulateMultipleThreatStringDictionary(
+    DictionaryValue* strings) {
+  bool malware = false;
+  bool phishing = false;
+
+  std::wstring phishing_label =
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_LABEL);
+  std::wstring phishing_link =
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_REPORT_ERROR);
+  std::wstring malware_label =
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_LABEL);
+  std::wstring malware_link =
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DIAGNOSTIC_PAGE);
+
+  ListValue* error_strings = new ListValue;
+  for (UnsafeResourceList::const_iterator iter = unsafe_resources_.begin();
+       iter != unsafe_resources_.end(); ++iter) {
+    const SafeBrowsingService::UnsafeResource& resource = *iter;
+    DictionaryValue* current_error_strings = new DictionaryValue;
+    if (resource.threat_type == SafeBrowsingService::URL_MALWARE) {
+      malware = true;
+      current_error_strings->SetString(L"type", L"malware");
+      current_error_strings->SetString(L"typeLabel", malware_label);
+      current_error_strings->SetString(L"errorLink", malware_link);
+    } else {
+      DCHECK(resource.threat_type == SafeBrowsingService::URL_PHISHING);
+      phishing = true;
+      current_error_strings->SetString(L"type", L"phishing");
+      current_error_strings->SetString(L"typeLabel", phishing_label);
+      current_error_strings->SetString(L"errorLink", phishing_link);
+    }
+    current_error_strings->SetString(L"url", UTF8ToWide(resource.url.spec()));
+    error_strings->Append(current_error_strings);
+  }
+  strings->Set(L"errors", error_strings);
+  DCHECK(phishing || malware);
+
+  if (malware && phishing) {
+    PopulateStringDictionary(
+        strings,
+        // Use the malware headline, it is the scariest one.
+        l10n_util::GetString(IDS_SAFE_BROWSING_MULTI_THREAT_TITLE),
+        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_HEADLINE),
+        l10n_util::GetStringF(IDS_SAFE_BROWSING_MULTI_THREAT_DESCRIPTION1,
+                              UTF8ToWide(tab()->GetURL().host())),
+        l10n_util::GetString(IDS_SAFE_BROWSING_MULTI_THREAT_DESCRIPTION2),
+        L"");
+  } else if (malware) {
+    // Just malware.
+    PopulateStringDictionary(
+        strings,
+        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_TITLE),
+        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_HEADLINE),
+        l10n_util::GetStringF(IDS_SAFE_BROWSING_MULTI_MALWARE_DESCRIPTION1,
+                              UTF8ToWide(tab()->GetURL().host())),
+        l10n_util::GetString(IDS_SAFE_BROWSING_MULTI_MALWARE_DESCRIPTION2),
+        l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION3));
+  } else {
+    // Just phishing.
+    PopulateStringDictionary(
+        strings,
+        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_TITLE),
+        l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_HEADLINE),
+        l10n_util::GetStringF(IDS_SAFE_BROWSING_MULTI_PHISHING_DESCRIPTION1,
+                              UTF8ToWide(tab()->GetURL().host())),
+        L"", L"");
+  }
+
+  strings->SetString(L"confirm_text",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION_AGREE));
+  strings->SetString(L"continue_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_PROCEED_BUTTON));
+  strings->SetString(L"back_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_BACK_BUTTON));
+  strings->SetString(L"textdirection",
+      (l10n_util::GetTextDirection() == l10n_util::RIGHT_TO_LEFT) ?
+      L"rtl" : L"ltr");
+}
+
+void SafeBrowsingBlockingPage::PopulateMalwareStringDictionary(
+    DictionaryValue* strings) {
+  std::wstring link = StringPrintf(kSbDiagnosticHtml,
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DIAGNOSTIC_PAGE).c_str());
+
+  strings->SetString(L"badURL", UTF8ToWide(url().host()));
+  // Check to see if we're blocking the main page, or a sub-resource on the
+  // main page.
+  std::wstring description1, description2;
+  if (is_main_frame_) {
+    description1 = l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION1,
+                                         UTF8ToWide(url().host()));
+    description2 = l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION2,
+                                         link,
+                                         UTF8ToWide(url().host()));
+  } else {
+    description1 = l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION4,
+                                         UTF8ToWide(tab()->GetURL().host()),
+                                         UTF8ToWide(url().host()));
+    description2 = l10n_util::GetStringF(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION5,
+                                         link,
+                                         UTF8ToWide(url().host()));
+  }
+
+  PopulateStringDictionary(
+      strings,
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_TITLE),
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_HEADLINE),
+      description1, description2,
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION3));
+
+  strings->SetString(L"confirm_text",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_DESCRIPTION_AGREE));
+  strings->SetString(L"continue_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_PROCEED_BUTTON));
+  strings->SetString(L"back_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_MALWARE_BACK_BUTTON));
+  strings->SetString(L"textdirection",
+      (l10n_util::GetTextDirection() == l10n_util::RIGHT_TO_LEFT) ?
+      L"rtl" : L"ltr");
+}
+
+void SafeBrowsingBlockingPage::PopulatePhishingStringDictionary(
+    DictionaryValue* strings) {
+  PopulateStringDictionary(
+      strings,
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_TITLE),
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_HEADLINE),
+      l10n_util::GetStringF(IDS_SAFE_BROWSING_PHISHING_DESCRIPTION1,
+                            UTF8ToWide(url().host())),
+      l10n_util::GetStringF(IDS_SAFE_BROWSING_PHISHING_DESCRIPTION2,
+                            UTF8ToWide(url().host())),
+      L"");
+
+  strings->SetString(L"continue_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_PROCEED_BUTTON));
+  strings->SetString(L"back_button",
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_BACK_BUTTON));
+  strings->SetString(L"report_error",
+      l10n_util::GetString(IDS_SAFE_BROWSING_PHISHING_REPORT_ERROR));
+  strings->SetString(L"textdirection",
+      (l10n_util::GetTextDirection() == l10n_util::RIGHT_TO_LEFT) ?
+      L"rtl" : L"ltr");
+}
+
+void SafeBrowsingBlockingPage::CommandReceived(const std::string& cmd) {
+  std::string command(cmd);  // Make a local copy so we can modify it.
+  // The Jasonified response has quotes, remove them.
+  if (command.length() > 1 && command[0] == '"') {
+    command = command.substr(1, command.length() - 2);
+  }
+
+  if (command == kLearnMoreCommand) {
     // User pressed "Learn more".
     GURL url;
-    if (result_ == SafeBrowsingService::URL_MALWARE) {
+    if (unsafe_resources_[0].threat_type == SafeBrowsingService::URL_MALWARE) {
       url = GURL(l10n_util::GetString(IDS_LEARN_MORE_MALWARE_URL));
-    } else if (result_ == SafeBrowsingService::URL_PHISHING) {
+    } else if (unsafe_resources_[0].threat_type ==
+               SafeBrowsingService::URL_PHISHING) {
       url = GURL(l10n_util::GetString(IDS_LEARN_MORE_PHISHING_URL));
     } else {
       NOTREACHED();
@@ -157,68 +276,164 @@ void SafeBrowsingBlockingPage::CommandReceived(const std::string& command) {
     tab()->OpenURL(url, GURL(), CURRENT_TAB, PageTransition::LINK);
     return;
   }
-  if (command == "3") {
+
+  if (command == kProceedCommand) {
+    Proceed();
+    // We are deleted after this.
+    return;
+  }
+
+  if (command == kTakeMeBackCommand) {
+    DontProceed();
+    // We are deleted after this.
+    return;
+  }
+
+  // The "report error" and "show diagnostic" commands can have a number
+  // appended to them, which is the index of the element they apply to.
+  int element_index = 0;
+  size_t colon_index = command.find(':');
+  if (colon_index != std::string::npos) {
+    DCHECK(colon_index < command.size() - 1);
+    std::string index_str = command.substr(colon_index + 1);
+    command = command.substr(0, colon_index);
+    bool result = StringToInt(index_str, &element_index);
+    DCHECK(result);
+  }
+
+  if (element_index >= static_cast<int>(unsafe_resources_.size())) {
+    NOTREACHED();
+    return;
+  }
+
+  std::string bad_url_spec = unsafe_resources_[element_index].url.spec();
+  if (command == kReportErrorCommand) {
     // User pressed "Report error" for a phishing site.
     // Note that we cannot just put a link in the interstitial at this point.
     // It is not OK to navigate in the context of an interstitial page.
-    DCHECK(result_ == SafeBrowsingService::URL_PHISHING);
+    DCHECK(unsafe_resources_[element_index].threat_type ==
+           SafeBrowsingService::URL_PHISHING);
     GURL report_url =
         safe_browsing_util::GeneratePhishingReportUrl(kSbReportPhishingUrl,
-                                                      url().spec());
-    Hide();
+                                                      bad_url_spec);
     tab()->OpenURL(report_url, GURL(), CURRENT_TAB, PageTransition::LINK);
     return;
   }
-  if (command == "4") {
+
+  if (command == kShowDiagnosticCommand) {
     // We're going to take the user to Google's SafeBrowsing diagnostic page.
     std::string diagnostic =
         StringPrintf(kSbDiagnosticUrl,
-                     EscapeQueryParamValue(url().spec()).c_str());
+                     EscapeQueryParamValue(bad_url_spec).c_str());
     GURL diagnostic_url(diagnostic);
     diagnostic_url = google_util::AppendGoogleLocaleParam(diagnostic_url);
-    DCHECK(result_ == SafeBrowsingService::URL_MALWARE);
+    DCHECK(unsafe_resources_[element_index].threat_type ==
+           SafeBrowsingService::URL_MALWARE);
     tab()->OpenURL(diagnostic_url, GURL(), CURRENT_TAB, PageTransition::LINK);
     return;
   }
 
-  proceed_ = command == "1";
+  NOTREACHED() << "Unexpected command: " << command;
+}
 
-  if (proceed_)
-    Proceed();
-  else
-    DontProceed();
+void SafeBrowsingBlockingPage::Proceed() {
+  NotifySafeBrowsingService(sb_service_, unsafe_resources_, true);
+
+  // Check to see if some new notifications of unsafe resources have been
+  // received while we were showing the interstitial.
+  UnsafeResourceMap* unsafe_resource_map = GetUnsafeResourcesMap();
+  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(tab());
+  SafeBrowsingBlockingPage* blocking_page = NULL;
+  if (iter != unsafe_resource_map->end() && !iter->second.empty()) {
+    // Build an interstitial for all the unsafe resources notifications.
+    // Don't show it now as showing an interstitial while an interstitial is
+    // already showing would cause DontProceed() to be invoked.
+    blocking_page = new SafeBrowsingBlockingPage(sb_service_, tab(),
+                                                 iter->second);
+    unsafe_resource_map->erase(iter);
+  }
 
-  NotifyDone();
+  InterstitialPage::Proceed();
+  // We are now deleted.
+
+  // Now that this interstitial is gone, we can show the new one.
+  if (blocking_page)
+    blocking_page->Show();
 }
 
 void SafeBrowsingBlockingPage::DontProceed() {
-  if (navigation_entry_index_to_remove_ != -1) {
+  NotifySafeBrowsingService(sb_service_, unsafe_resources_, false);
+
+  // The user does not want to proceed, clear the queued unsafe resources
+  // notifications we received while the interstitial was showing.
+  UnsafeResourceMap* unsafe_resource_map = GetUnsafeResourcesMap();
+  UnsafeResourceMap::iterator iter = unsafe_resource_map->find(tab());
+  if (iter != unsafe_resource_map->end() && !iter->second.empty()) {
+    NotifySafeBrowsingService(sb_service_, iter->second, false);
+    unsafe_resource_map->erase(iter);
+  }
+
+  // We don't remove the navigation entry if the tab is being destroyed as this
+  // would trigger a navigation that would cause trouble as the render view host
+  // for the tab has by then already been destroyed.
+  if (navigation_entry_index_to_remove_ != -1 && !tab()->is_being_destroyed()) {
     tab()->controller()->RemoveEntryAtIndex(navigation_entry_index_to_remove_,
                                             NewTabUIURL());
+    navigation_entry_index_to_remove_ = -1;
   }
   InterstitialPage::DontProceed();
   // We are now deleted.
 }
 
-void SafeBrowsingBlockingPage::NotifyDone() {
-  if (did_notify_)
-    return;
-
-  did_notify_ = true;
-
+// static
+void SafeBrowsingBlockingPage::NotifySafeBrowsingService(
+    SafeBrowsingService* sb_service,
+    const UnsafeResourceList& unsafe_resources,
+    bool proceed) {
   base::Thread* io_thread = g_browser_process->io_thread();
   if (!io_thread)
     return;
 
-  SafeBrowsingService::BlockingPageParam param;
-  param.url = url();
-  param.result = result_;
-  param.client = client_;
-  param.render_process_host_id = render_process_host_id_;
-  param.render_view_id = render_view_id_;
-  param.proceed = proceed_;
   io_thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(
-      sb_service_,
-      &SafeBrowsingService::OnBlockingPageDone,
-      param));
+      sb_service, &SafeBrowsingService::OnBlockingPageDone, unsafe_resources,
+      proceed));
+}
+
+// static
+SafeBrowsingBlockingPage::UnsafeResourceMap*
+    SafeBrowsingBlockingPage::GetUnsafeResourcesMap() {
+  return Singleton<UnsafeResourceMap>::get();
+}
+
+// static
+void SafeBrowsingBlockingPage::ShowBlockingPage(
+    SafeBrowsingService* sb_service,
+    const SafeBrowsingService::UnsafeResource& unsafe_resource) {
+  WebContents* web_contents = tab_util::GetWebContentsByID(
+      unsafe_resource.render_process_host_id, unsafe_resource.render_view_id);
+
+  if (!InterstitialPage::GetInterstitialPage(web_contents)) {
+    // There are no interstitial currently showing in that tab, go ahead and
+    // show this interstitial.
+    std::vector<SafeBrowsingService::UnsafeResource> resources;
+    resources.push_back(unsafe_resource);
+    SafeBrowsingBlockingPage* blocking_page =
+        new SafeBrowsingBlockingPage(sb_service, web_contents, resources);
+    blocking_page->Show();
+    return;
+  }
+
+  // Let's queue the interstitial.
+  // Note we only expect resources from the page at this point.
+  DCHECK(unsafe_resource.resource_type != ResourceType::MAIN_FRAME);
+  UnsafeResourceMap* unsafe_resource_map = GetUnsafeResourcesMap();
+  (*unsafe_resource_map)[web_contents].push_back(unsafe_resource);
+}
+
+// static
+bool SafeBrowsingBlockingPage::IsMainPage(
+    const UnsafeResourceList& unsafe_resources) {
+  return unsafe_resources.size() == 1 &&
+         unsafe_resources[0].resource_type == ResourceType::MAIN_FRAME;
 }
+