Changeset 24:056ef2be1351

Timestamp:

12/03/11 22:21:56 (19 months ago)

Author:

Dave Raggett <dsr@…>

Branch:

default

Tags:

tip

Message:

overhauled cookie blocking and p3p policy formatting, support for Firefox 10

Location:

dashboard

Files:

• build.sh (modified) (1 diff)
• chrome/content/assess.js (modified) (2 diffs)
• chrome/content/dashboard.js (modified) (1 diff)
• chrome/content/dashboard.xul (modified) (2 diffs)
• chrome/content/database.js (modified) (1 diff)
• chrome/content/misc.js (modified) (14 diffs)
• chrome/content/observer.js (modified) (8 diffs)
• chrome/content/overlay.js (modified) (2 diffs)
• chrome/content/p3p.js (modified) (16 diffs)
• chrome/locale/en-US/dashboard.dtd (modified) (1 diff)
• dashboard.xpi (modified) (previous)
• install.rdf (modified) (2 diffs)

dashboard/build.sh

@@ -8 +8 @@
 touch $TARGET.xpi
 rm $TARGET.xpi
-zip -r ../$TARGET.xpi install.rdf chrome.manifest chrome defaults readme.txt
+zip -r ../$TARGET.xpi install.rdf chrome.manifest chrome defaults readme.txt build.sh
 mv ../$TARGET.xpi .

dashboard/chrome/content/assess.js

@@ -54 +54 @@
     }, false);
 
-    let norton_button = document.getElementById("exec_norton_button");
-    norton_button.addEventListener("command", function ()
-    {
-      assess.check_norton();
-    }, false);
-
-    let freetrust_button = document.getElementById("exec_freetrust_button");
-    freetrust_button.addEventListener("command", function ()
-    {
-      assess.check_freetrust();
-    }, false);
-
-    let truste_button = document.getElementById("exec_truste_button");
-    freetrust_button.addEventListener("command", function ()
-    {
-      assess.check_truste();
-    }, false);
-
     let simplify = document.getElementById("simplify_choices");
     simplify.addEventListener("command", function ()
@@ -213 +195 @@
   },
 
-  check_norton: function ()
-  {
-    window.open("http://safeweb.norton.com/report/show?url="+this.host);
-  },
-
-  check_freetrust: function ()
-  {
-    window.open("http://freetrustseal.com/trust.php?site="+this.host);
-  },
-
-  check_truste: function ()
-  {
-    window.open("http://clicktoverify.truste.com/pvr.php?page=validate&url="+this.host);
-  },
-
   record_prefs: function (evt)
   {
-    assess.save_prefs(assess.host);
+    // special effort to clear cookies
+    // when setting preferences
+    let id = this.getAttribute("id");
+    let checked = this.getAttribute("checked");
+    let host = assess.host;
+
+    if (id == "prefs_all_lasting_cookies")
+    {
+      if (checked == "true")
+         assess.query_3rd_parties(host,
+           function (host, parties, offsite)
+           {
+             assess.purge_cookies(host, 1<<5, parties, offsite);
+           });
+    }
+    else if (id == "prefs_ext_3rd_cookies" || id == "thoughtful")
+    {
+      if (checked == "true")
+         assess.query_3rd_parties(host,
+           function (host, parties, offsite)
+           {
+             assess.purge_cookies(host, 1<<4, parties, offsite);
+           });
+    }
+    else if (id == "paranoid")
+    {
+      if (checked == "true")
+         assess.query_3rd_parties(host,
+           function (host, parties, offsite)
+           {
+             assess.purge_cookies(host, (1<<4 | 1<<5), parties, offsite);
+           });
+    }
+
+    assess.save_prefs(host);
+  },
+
+  // query for list of 3rd parties for this site, assumes that
+  // database.log_3rd_parties(status); has already taken effect
+  query_3rd_parties: function (host, action)
+  {
+    let database = window.database;
+    let query = "SELECT DISTINCT third_party, offsite FROM  parties " +
+                "WHERE page_host = " + database.quote(host);
+
+    let handler = 
+    {
+      parties: [],
+      offsite: [],
+
+      process_row: function (row)
+      {
+        this.parties.push(row.getResultByName("third_party"));
+        this.offsite.push(row.getResultByName("offsite"));        
+      },
+
+      finalize: function () 
+      {
+        action(host, this.parties, this.offsite);
+      }
+    };
+
+    database.select(query, database.db, handler);
+  },
+
+  // code copied from misc.rate_cookies()
+  purge_cookies: function (host, prefs, parties, offsite)
+  {
+    let cm = Components.classes['@mozilla.org/cookiemanager;1'].
+      getService(Components.interfaces.nsICookieManager2);
+
+    let cookies = cm.enumerator;
+    let lasting_cookies = [];
+    let session_cookies = [];
+    let int_3rd_lasting_cookies = [];
+    let int_3rd_session_cookies = [];
+    let ext_3rd_lasting_cookies = [];
+    let ext_3rd_session_cookies = [];
+
+    // iterate through cookiemanager's list of current cookies
+    // and check against first and all third party sites, this
+    // would require *many* database queries using SQLite
+    while (cookies.hasMoreElements())
+    {
+      let cookie = cookies.getNext();
+      cookie.QueryInterface(Components.interfaces.nsICookie2);
+
+      // cookie matching web page host
+      if (host.indexOf(cookie.host) >= 0)
+      {
+        if (cookie.isSession)
+          session_cookies.push(cookie);
+        else
+          lasting_cookies.push(cookie);
+      }
+      else  // check for 3rd party cookies
+      {
+        // pump up the cost!
+        for (let i in parties)
+        {
+          if (parties[i].indexOf(cookie.host) >= 0)
+          {
+            if (offsite[i] == 2)
+            {
+              if (cookie.isSession)
+                ext_3rd_session_cookies.push(cookie);
+              else
+                ext_3rd_lasting_cookies.push(cookie);
+            }
+            else
+            {
+              if (cookie.isSession)
+                int_3rd_session_cookies.push(cookie);
+              else
+                int_3rd_lasting_cookies.push(cookie);
+            }
+          }
+        }
+      }
+    }
+
+    let int_3rd_parties = 0;
+    let ext_3rd_parties = 0;
+
+    for (let i = 0; i < offsite.length; ++i)
+    {
+      if (offsite[i] == 2)
+        ++ext_3rd_parties;
+      else
+        ++int_3rd_parties;
+    }
+
+    if (prefs & (1<<5))  // purge all lasting cookies
+    {
+      for (let i = 0; i < lasting_cookies.length; ++i)
+      {
+        cookie = lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+
+      for (let i = 0; i < int_3rd_lasting_cookies.length; ++i)
+      {
+        cookie = int_3rd_lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+
+      for (let i = 0; i < ext_3rd_lasting_cookies.length; ++i)
+      {
+        cookie = ext_3rd_lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+    }
+    else
+    {
+      if (prefs & (1<<4))  // purge all 3rd party cookies
+      {
+        for (let i = 0; i < ext_3rd_session_cookies.length; ++i)
+        {
+          cookie = ext_3rd_session_cookies[i];
+          cm.remove(cookie.host, cookie.name, cookie.path, false);
+        }
+
+        for (let i = 0; i < ext_3rd_lasting_cookies.length; ++i)
+        {
+          cookie = ext_3rd_lasting_cookies[i];
+          cm.remove(cookie.host, cookie.name, cookie.path, false);
+        }
+      }
+    }
   },
 

dashboard/chrome/content/dashboard.js

@@ -335 +335 @@
   // which is obtained from the onLocationChange event
   update_current_site: function (status) {
-    this.assess.update_current_site(status);
+    console.log("dashboard.update_current_site: " + status.page_host);
+    assess.update_current_site(status);
   },
 

dashboard/chrome/content/dashboard.xul

@@ -153 +153 @@
         <vbox flex="1" style="overflow:auto; padding:10px">
         <html:div id="p3p_policy"/>
+        <vbox  id="site_info">
         <html:h3>&dashboard.dialog.current.heading;</html:h3>
-        <vbox  id="site_info">
         <description>
         <html:p>&dashboard.dialog.cursite.descr;</html:p>
@@ -246 +246 @@
         </panel>
         </description>
-        <html:hr/>
-        <html:p>&dashboard.dialog.cursite.test;</html:p>
-        <hbox>
-        <button id="exec_norton_button" label="&dashboard.dialog.cursite.test.norton.label;"/>
-        <button id="exec_freetrust_button" label="&dashboard.dialog.cursite.test.freetrust.label;"/>
-        <button id="exec_truste_button" label="&dashboard.dialog.cursite.test.truste.label;"/>
-        </hbox>
         </vbox>
         </vbox>

dashboard/chrome/content/database.js

@@ -824 +824 @@
     var prefs;
 
-    var sql = "SELECT prefs FROM site_info WHERE host = '" +
+    let sql = "SELECT prefs FROM site_info WHERE host = '" +
               host + "'";
 
-    var dataset = this.sync_get(sql, db);
+    let dataset = this.sync_get(sql, db);
 
     if (dataset && dataset.length > 0)

dashboard/chrome/content/misc.js

@@ -401 +401 @@
   rate_site: function (browser)
   {
-    var uri = browser.currentURI;
-    var status = browser.dashboard_status;
+    let uri = browser.currentURI;
+    let status = browser.dashboard_status;
 
     // status is null for about:* pages
-    var host = (status ? status.page_host : null);
+    let host = (status ? status.page_host : null);
+    console.log("misc.rate_site: " + host);
     
     if (host)
     {
-      this.query_3rd_parties(browser, host);
-      this.query_p3p(browser, host);
-      this.query_geo(browser, host);
+      // synchronous functions
       this.html5_ping(browser);
-      this.query_dom_storage(browser);
-
-      // allow page scripts to do their evil work before check
-      setTimeout( function ()
-      {
-        dashboard_overlay.misc.spot_web_bugs(browser);
-      }, 10 );
+      this.spot_web_bugs(browser);
+
+      // prepare continuation, count is number of processes 
+      // before calling misc.update_dashboard(browser);
+      let counter = { "count": 4 };
+
+      // asynchronous involving db access
+      this.query_3rd_parties(browser, host, counter);
+      this.query_p3p(browser, host, counter);
+      this.query_geo(browser, host, counter);
+      this.query_dom_storage(browser, counter);
     }
     else // treat non-http pages as cool
@@ -426 +429 @@
       primelife_button.style.listStyleImage = 
              'url("chrome://dashboard-common/skin/glasses-cool.png")';
-    }
-
-    let context = dashboard_overlay.context;
-    let dialog = context.dashboard_dialog;
-
-    // check if this is the current browser to avoid changing dashboard if it's not
-    if (dialog && dialog.dashboard && browser == dashboard_overlay.current_browser())
-    {
-      dialog.dashboard_overlay = dashboard_overlay;
-      var update = dialog.dashboard.update_current_site;
-
-      // some of the above database operations are asynchronous
-      // and need time to complete before we display the results
-      // query p3p has its own means to refresh dashboard display
-      // since it involves external network traffic for policies
-      // 200mS should be plenty for SQLite database operations.
-      setTimeout(function ()
-      {
-        if (status)
-          update(status);
-      }, 200);
-    }
+
+      this.update_dashboard(browser);
+    }
+  },
+
+  // update dashboard current site user interface
+  // introduce delay to allow change in browser to take effect
+  update_dashboard: function (browser)
+  {
+    setTimeout(function ()
+    {
+      dashboard_overlay.misc.check_rating(browser);
+
+      let status = browser.dashboard_status;
+      let context = dashboard_overlay.context;
+      let dialog = context.dashboard_dialog;
+      console.log("update_dashboard: " + status.page_host);
+
+      // check if this is the current browser to avoid changing dashboard if it's not
+      if (dialog && dialog.dashboard && browser == dashboard_overlay.current_browser())
+      {
+        dialog.dashboard_overlay = dashboard_overlay;
+        dialog.dashboard.update_current_site(status);
+      }
+    }, 10);
   },
 
@@ -489 +495 @@
   },
 
-  // query for list of 3rd parties for this site
-  query_3rd_parties: function (browser, host)
+  // query for list of 3rd parties for this site, assumes that
+  // database.log_3rd_parties(status); has already taken effect
+  query_3rd_parties: function (browser, host, counter)
   {
     let database = dashboard_overlay.database;
@@ -498 +505 @@
     let handler = 
     {
-      browser: browser,
       parties: [],
       offsite: [],
@@ -511 +517 @@
       {
         dashboard_overlay.misc.rate_cookies(browser, this.parties, this.offsite);
+
+        if (--counter.count <= 0)
+          dashboard_overlay.misc.update_dashboard(browser);
       }
     };
@@ -517 +526 @@
   },
 
-  query_dom_storage: function (browser)
+  query_dom_storage: function (browser, counter)
   {
     let database = dashboard_overlay.database;
@@ -550 +559 @@
       {
         status.dom_storage = this.keys.length;
+
+        if (--counter.count <= 0)
+          dashboard_overlay.misc.update_dashboard(browser);
       }
     };
@@ -560 +572 @@
   // then do same check for flash supercookies
   // linear in *total* number of cookies for all hosts
+  // it may be faster(?) to scan separately for cookies
+  // for the host and for each 3rd party
   rate_cookies: function (browser, parties, offsite) 
   {
@@ -583 +597 @@
       cookie.QueryInterface(Components.interfaces.nsICookie2);
 
+      // cookie matching web page host
       if (host.indexOf(cookie.host) >= 0)
       {
@@ -590 +605 @@
           lasting_cookies.push(cookie);
       }
-      else
+      else  // check for 3rd party cookies
       {
         // pump up the cost!
@@ -661 +676 @@
     status.ext_3rd_party_flash_cookies = ext_3rd_fso.length;
 
-    this.check_rating(browser);
-  },
-
-  query_p3p: function (browser, host)
+    // get prefs and purge unwanted cookies
+    let database = dashboard_overlay.database;
+    let prefs = database.get_prefs(host, database.db);
+    let cookie = null;
+    console.log("rate_cookies: prefs = " + prefs);
+
+    if (prefs & (1<<5))  // purge all lasting cookies
+    {
+      for (let i = 0; i < lasting_cookies.length; ++i)
+      {
+        cookie = lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+
+      for (let i = 0; i < int_3rd_lasting_cookies.length; ++i)
+      {
+        cookie = int_3rd_lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+
+      for (let i = 0; i < ext_3rd_lasting_cookies.length; ++i)
+      {
+        cookie = ext_3rd_lasting_cookies[i];
+        cm.remove(cookie.host, cookie.name, cookie.path, false);
+      }
+
+      if (prefs & (1<<4))  // purge all 3rd party cookies
+      {
+        for (let i = 0; i < ext_3rd_session_cookies.length; ++i)
+        {
+          cookie = ext_3rd_session_cookies[i];
+          cm.remove(cookie.host, cookie.name, cookie.path, false);
+        }
+      }
+    }
+    else
+    {
+      if (prefs & (1<<4))  // purge all 3rd party cookies
+      {
+        for (let i = 0; i < ext_3rd_session_cookies.length; ++i)
+        {
+          cookie = ext_3rd_session_cookies[i];
+          cm.remove(cookie.host, cookie.name, cookie.path, false);
+        }
+
+        for (let i = 0; i < ext_3rd_lasting_cookies.length; ++i)
+        {
+          cookie = ext_3rd_lasting_cookies[i];
+          cm.remove(cookie.host, cookie.name, cookie.path, false);
+        }
+      }
+    }
+  },
+
+  query_p3p: function (browser, host, counter)
   {
     let database = dashboard_overlay.database;
@@ -680 +746 @@
       {
         dashboard_overlay.misc.rate_p3p(browser, this.data);
+
+        if (--counter.count <= 0)
+          dashboard_overlay.misc.update_dashboard(browser);
       }
     };
@@ -692 +761 @@
   },
 
-  query_geo: function (browser, host)
+  query_geo: function (browser, host, counter)
   {
     let database = dashboard_overlay.database;
@@ -710 +779 @@
       {
         dashboard_overlay.misc.rate_geo(this.browser, this.data);
+
+        if (--counter.count <= 0)
+          dashboard_overlay.misc.update_dashboard(browser);
       }
     };

dashboard/chrome/content/observer.js

@@ -60 +60 @@
       observerService.addObserver(this, "http-on-modify-request", false);
       observerService.addObserver(this, "http-on-examine-response", false);
+      observerService.addObserver(this, "cookie-changed", false);
 
       // register content policy
@@ -96 +97 @@
       observerService.removeObserver(this, "http-on-examine-response");
       observerService.removeObserver(this, "http-on-modify-request");
+      observerService.addObserver(this, "cookie-changed", false);
 
       // is it sensible to delete the category entry here?
@@ -219 +221 @@
       let offsite = 0;
       let block_3rd_party_cookie = false;
-      let block_lasting_cookies = false;
       let block_3rd_parties = false;
 
-      // the experimental "do not track" headers, as explained in
-      // http://paranoia.dubfire.net/2011/01/history-of-do-not-track-header.html
+      // the "do not track" header, as defined in
+      // http://www.w3.org/Submission/web-tracking-protection/
       if (prefs & (1 << 15))
       {
-        httpChannel.setRequestHeader("X-Behavioral-Ad-Opt-Out", "1", false);
-        httpChannel.setRequestHeader("X-Do-Not-Track", "1", false);
-      }
-
-      block_lasting_cookies = prefs & (1<<5);
+        httpChannel.setRequestHeader("DNT", "1", false);
+      }
+
+      // unwanted cookies are purged after page has loaded
 
       // 3 from bit position in assess:save_prefs   
@@ -401 +401 @@
       let httpChannel = subject.QueryInterface(Components.interfaces.nsIHttpChannel);
 
-    let type = "";
-    try {
-      type = httpChannel.getResponseHeader("Content-Type");
-    } catch (e) {
-      type = "undefined";
-    } 
+      let type = "";
+      try {
+        type = httpChannel.getResponseHeader("Content-Type");
+      } catch (e) {
+        type = "undefined";
+      } 
 
       console.log("loading (" + httpChannel.responseStatus +  ") " + type + " from " + httpChannel.URI.spec);
@@ -424 +424 @@
           let never = rp ? rp & (1 <<2) : false ; // never block content from this site
 
+          let block_lasting_cookies = status.prefs & (1<<5);
           let block_3rd_parties = status.prefs & (1<<3);
           let block_flash = status.prefs & (1<<12);
           let block_java = status.prefs & (1<<13);
+
+          // always block cookies set on P3P policy!
+          if (target.path == "/w3c/p3p.xml")
+            observer.block_p3p_cookies(httpChannel);
 
           if (block_3rd_parties & !never)
@@ -470 +475 @@
       }
     }
+    else if (topic == "cookie-changed")  // only used for logging purposes
+    {
+      // subject is nsICookie2 or nsIArray of nsICookie2 objects
+      // data  is "deleted", "added", "changed", "batch-deleted", "cleared or "reload"
+      let cookies = null;
+
+      try {
+        cookies = subject.QueryInterface(Components.interfaces.nsIArray);
+      } catch (e) {
+        cookies = null;
+      }
+
+      if (!cookies)
+      {
+        let cookie = subject ? subject.QueryInterface(Components.interfaces.nsICookie2) : null;
+
+        if (cookie)
+          cookies = [ cookie ];
+      }
+
+      let i = 0;
+      while (i < cookies.length)
+      {
+        let cookie = cookies[i++];
+        console.log("cookie " + cookie.name + " for " + cookie.host + " " + data);
+      }
+    }
   },
 
@@ -496 +528 @@
       }
 
+      console.log("get_tab_index_from_channel: notificationCallbacks is null");
       return -2;
     }
     catch (e)
     {
+      console.log("get_tab_index_from_channel: " + e);
       if (aChannel.loadGroup)
       {
@@ -518 +552 @@
           catch (e)
           {
+            console.log("get_tab_index_from_channel: " + e);
             return -4;
           }
         }
       }
+
+      console.log("get_tab_index_from_channel: notificationCallbacks is null or loadGroup is null");
       return -3;
     }
+  },
+
+  block_p3p_cookies: function (httpChannel)
+  {
+    console.log("observer.block_p3p_cookies on " + httpChannel.URI.host);
+
+    let visitor = {
+      "channel": httpChannel,
+      "host": httpChannel.URI.host,
+
+      "visitHeader": function (header, value)
+      {
+        if (header == "Set-Cookie")
+          this.channel.setResponseHeader(header, null, false);
+      }
+    };
+
+    httpChannel.visitResponseHeaders(visitor);
   },
 

dashboard/chrome/content/overlay.js

@@ -302 +302 @@
     catch (e)
     {
-      alert("couldn't get localized string for " + key);
+      alert("couldn't get localized string for " + key + "\n " + e);
       return key;
     }
@@ -705 +705 @@
   },
   
+  // clear tab's dashboard status
   on_page_unload: function(aEvent)
   {  
     var doc = aEvent.originalTarget;
-    // doc is document that triggered "onunload" event  
-    // do something with the unloaded page.
-
-    //gBrowser.removeProgressListener(this.progressListener);
+
+    if (doc instanceof HTMLDocument)
+    {
+      let win = doc.defaultView;
+
+      if (win.frameElement)
+        return;
+
+      console.log("on page unload event - " + doc.location.href);
+
+      // find browser for this document
+      var browser = this.find_browser_from_doc(doc);
+
+      if (browser)
+        browser.dashboard_status = null;
+    } 
   },
 

dashboard/chrome/content/p3p.js

@@ -44 +44 @@
       return alert("couldn't find correct policy for path: " + path);
 
+    console.log("render_policy: uri = " + uri + " path = " + path);
+
     var req = new XMLHttpRequest();
 
@@ -54 +56 @@
         if (req.status == 200)
         {
-          if (req.responseXML)
+          if (req.responseXML && req.responseXML.documentElement.nodeName != "parsererror")
             dashboard_p3p.find_applicable_policy(path, req.responseXML, depth);
           else
@@ -66 +68 @@
             }
 */
-            alert("malformed P3P policy for url: " + uri +
+            console.log("trimming leading space before re-parse");
+            // trim leading whitespace before XML declaration
+            // so that we can view the policy for a common error
+            let s = req.responseText;
+            let i = 0;
+            for (i = 0; i < s.length && s.charCodeAt(i) < 33; ++i);
+            s = s.substr(i);
+
+            let parser = new DOMParser();
+            let dom = parser.parseFromString(s, "text/xml");
+
+            if (dom.documentElement.nodeName != "parsererror")
+              dashboard_p3p.find_applicable_policy(path, dom, depth);
+            else
+              alert("malformed P3P policy for url: " + uri +
                   "\nmedia type is " + req.channel.contentType);
           }
@@ -103 +119 @@
   find_applicable_policy: function (path, doc, depth)
   {
+    let serializer = new XMLSerializer();
+    let xml = serializer.serializeToString(doc);
+    //alert(xml);
+
     let uri = null, el, pattern;
     let root = doc.documentElement;
+    console.log("p3p root element is " + root.nodeName);
     let includes = root.getElementsByTagName("INCLUDE");
 
@@ -121 +142 @@
     if (!uri)
     {
+      console.log("p3p: checking POLICY-REF element");
       let pr = root.getElementsByTagName("POLICY-REF");
 
       if (pr && pr.length > 0)
         uri = pr[0].getAttribute("about");
+      else
+        console.log("p3p: can't find any POLICY-REF elements");
+
+      console.log("p3p policy-ref: " + uri);
     }
 
@@ -168 +194 @@
   },
 
-  show_policy: function (path, root) {
+  show_policy: function (path, root)
+  {
     let p3p = dashboard_p3p;
+    console.log("show_policy: path = " + path);
 
     if (!p3p.description)
@@ -181 +209 @@
     p3p.description.appendChild(el);
 
-    el.innerHTML = dashboard.localize("p3p_render.comment");
+    el.innerHTML = dashboard.localize("p3p_render.comment") + "<html:br />\n";
 
     let policies = root.getElementsByTagName("POLICY");
@@ -246 +274 @@
   {
     let obj = {};
+    console.log("p3p dump_contact: " + discuri);
 
     for (let data = contact.firstChild; data; data = data.nextSibling)
@@ -263 +292 @@
     s += "<html:h2>"+obj.business.name+" P3P Privacy Policy</html:h2>\n";
 
-    s += "<html:p><html:em>See also site's <html:a id='shrp'>" +
-         "human readable policy</html:a></html:em></html:p>\n";
+    if (discuri)
+    {
+      s += "<html:p><html:em>See also site's <html:a id='shrp' title='" + discuri + "'>" +
+           "human readable policy</html:a></html:em></html:p>\n";
+    }
 
     s += "<html:p>\n";
 
-    s += obj.business.contact_info.postal.street + "<html:br />\n";
-    s += obj.business.contact_info.postal.city + ", ";
-
-    if (obj.business.contact_info.postal.stateprov)
-      s += obj.business.contact_info.postal.stateprov + " ";
+    if (typeof(obj.business.contact_info.postal) != "undefined")
+    {
+      try
+      {
+        let info = obj.business.contact_info;
+
+        s += info.postal.street + "<html:br />\n";
+        s += info.postal.city + ", ";
+
+        if (info.postal.stateprov)
+        s += info.postal.stateprov + " ";
   
-    if (obj.business.contact_info.postal.postalcode)
-      s += obj.business.contact_info.postal.postalcode + "<html:br />\n";
-
-    s += obj.business.contact_info.postal.country + "<html:br />\n";
-
-    if (obj.business.contact_info.online.email)
-    {
-      s += "<html:br />email: \n";
-      s += obj.business.contact_info.online.email;
-    }
-
-    if (obj.business.contact_info.telecom &&
-           obj.business.contact_info.telecom.telephone)
-    {
-      s += "<html:br />phone: \n";
-      if (obj.business.contact_info.telecom.telephone.intcode)
-      {
-        s += "+"  + obj.business.contact_info.telecom.telephone.intcode;
-        s += "."  + obj.business.contact_info.telecom.telephone.loccode;
-        s += "."  + obj.business.contact_info.telecom.telephone.number;
-      }
-      else if (obj.business.contact_info.telecom.telephone.number)
-      {
-         if (obj.business.contact_info.telecom.telephone.number.substr(0,2) == "00")
-           s += "+" + obj.business.contact_info.telecom.telephone.substr(2);
-         else
-           s += obj.business.contact_info.telecom.telephone.number;
-      }
-      else if (typeof (obj.business.contact_info.telecom.telephone) == "string")
-      {
-         if (obj.business.contact_info.telecom.telephone.substr(0,2) == "00")
-           s += "+" + obj.business.contact_info.telecom.telephone.substr(2);
-         else
-           s += obj.business.contact_info.telecom.telephone;
+        if (info.postal.postalcode)
+          s += info.postal.postalcode + "<html:br />\n";
+
+        s += info.postal.country + "<html:br />\n";
+
+        if (info.online.email)
+        {
+          s += "<html:br />email: \n";
+          s += info.online.email;
+        }
+
+        if (info.telecom && info.telecom.telephone)
+        {
+          s += "<html:br />phone: \n";
+
+          if (info.telecom.telephone.intcode)
+          {
+            s += "+"  + info.telecom.telephone.intcode;
+            s += "."  + info.telecom.telephone.loccode;
+            s += "."  + info.telecom.telephone.number;
+          }
+          else if (info.telecom.telephone.number)
+          {
+            if (info.telecom.telephone.number.substr(0,2) == "00")
+              s += "+" + info.telecom.telephone.substr(2);
+            else
+              s += info.telecom.telephone.number;
+          }
+          else if (typeof (info.telecom.telephone) == "string")
+          {
+            if (info.telecom.telephone.substr(0,2) == "00")
+              s += "+" + info.telecom.telephone.substr(2);
+            else
+            s += info.telecom.telephone;
+          }
+        }
+      }
+      catch (e)
+      {
+        console.log("p3p: couldn't format address for "  + obj.business.name);
       }
     }
 
     s += "\n</html:p>\n";
-
     this.description.appendChild(div);
     div.innerHTML += s;
@@ -321 +364 @@
     var parent_window = window.arguments ? window.arguments[1] : null;
     let link = document.getElementById("shrp");
-    link.addEventListener("click", function (e) {
-       let browser = parent_window.gBrowser;
-       browser.selectedTab =  browser.addTab(discuri);
-       e.cancel = true;
-       e.stopPropagation();
-       e.preventDefault();
-       return false;
-    }, false);
+
+    if (discuri)
+    {
+      link.addEventListener("click", function (e) {
+         let browser = parent_window.gBrowser;
+         browser.selectedTab =  browser.addTab(discuri);
+         e.cancel = true;
+         e.stopPropagation();
+         e.preventDefault();
+         return false;
+      }, false);
+    }
   },
 
@@ -351 +398 @@
 
     name = ref[ref.length - 1];
-    part[name] = value;
+
+    if (!part[name])
+      part[name] = value;
   },
 
@@ -383 +432 @@
         let desc = this.get_description(ref);
         if (!desc) desc = ref;
+
+        // special case as details are given separately
+        if (ref == "dynamic.miscdata")
+          continue;
+
         li = document.createElementNS("http://www.w3.org/1999/xhtml", "li");
         ul.appendChild(li);
@@ -407 +461 @@
 
         let purpose = this.purposes[el.nodeName];
-        if (!purpose) purpose = el.nodeName;
+        if (!purpose)
+          break;
 
         let li = document.createElementNS("http://www.w3.org/1999/xhtml", "li");
@@ -467 +522 @@
 
         let retention = this.retention[el.nodeName];
-        if (!retention) purpose = el.nodeName;
+
+        if (!retention)
+        {
+          purpose = el.nodeName;
+          retention = this.retention["undefined"];
+        }
 
         let li = document.createElementNS("http://www.w3.org/1999/xhtml", "li");
@@ -686 +746 @@
       "period of time. The absence of a retention policy would be " +
       "reflected under this option. Where the recipient is a public " +
-      "fora, this is the appropriate retention policy.</html:span>"
+      "fora, this is the appropriate retention policy.</html:span>",
+    "undefined" :
+      "<html:span>A site specific retention policy.</html:span>"
   },
 
@@ -699 +761 @@
   {
     "user.name" : "user's name",
+    "user.home-info" : "user's home contact information",
+    "user.home-info.postal" : "user's address",
+    "user.home-info.telecom" : "user's phone number",
+    "user.home-info.online.email" : "user's email",
     "user.employer" : "user's employer",
     "dynamic.clickstream" : "information typically found in Web " +

dashboard/chrome/locale/en-US/dashboard.dtd

@@ -164 +164 @@
  "sets the default preferences for sites for which you haven't set overrides">
 
-<!ENTITY dashboard.dialog.cursite.test
- "You can use the following buttons to check the current website in various ways. These use external websites and open in a new window.">
-
-<!ENTITY dashboard.dialog.cursite.test.norton.label
- "Check site with Norton SafeWeb...">
-<!ENTITY dashboard.dialog.cursite.test.freetrust.label
- "Check site with Free Trust Seal...">
-<!ENTITY dashboard.dialog.cursite.test.truste.label
- "Check site with TRUSTe...">
-
 <!-- share table info -->
 

dashboard/install.rdf

@@ -4 +4 @@
   <Description about="urn:mozilla:install-manifest">
     <em:id>dashboard@dave.raggett</em:id>
-    <em:version>0.9.6</em:version>
+    <em:version>0.9.8</em:version>
     <em:localized>
       <Description> <!-- example localization via google translate -->
@@ -26 +26 @@
         <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <!-- firefox -->
         <em:minVersion>3.0.9</em:minVersion>
-        <em:maxVersion>6.1</em:maxVersion>
+        <em:maxVersion>10.0</em:maxVersion>
       </Description>
     </em:targetApplication>