[PM-19814] Add redirect to warning page when a phishing domain is detected.

apps/browser/src/manifest.v3.json

@@ -175,6 +175,7 @@
         "overlay/menu.html",
         "overlay/button.html",
         "overlay/list.html",
+        "phishing/warning.html",
         "popup/fonts/*"
       ],
       "matches": ["<all_urls>"]

apps/browser/src/phishing-detection/pages/warning.html

@@ -0,0 +1,87 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Phishing site detected</title>
+  </head>
+  <body
+    style="
+      margin: 0;
+      font-family: &quot;Segoe UI&quot;, sans-serif;
+      background-color: #f2f5f7;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      flex-direction: column;
+      text-align: center;
+    "
+  >
+    <img
+      src="https://bitwarden.com/assets/images/branding/wordmark-horizontal-blue.svg"
+      alt="Bitwarden logo"
+      style="margin: 20px auto; width: 150px"
+    />
+
+    <div
+      style="
+        background-color: white;
+        padding: 40px 30px;
+        border-radius: 10px;
+        box-shadow: 0 0 10px rgba(0, 0, 0, 0.05);
+        max-width: 400px;
+        margin: 20px auto;
+      "
+    >
+      <div style="font-size: 48px; margin-bottom: 10px">🏢⚠️</div>
+
+      <h2 style="font-size: 20px; margin-bottom: 8px">Phishing site detected</h2>
+
+      <p style="color: #555; margin-bottom: 20px">
+        Bitwarden has prevented this page from loading.
+      </p>
+
+      <div style="text-align: left; margin: 20px 0">
+        <label for="url" style="font-size: 14px; color: #777; display: block; margin-bottom: 4px"
+          >Phishing url</label
+        >
+        <input
+          id="url"
+          value="https://catphish.gotcha.io"
+          readonly
+          style="
+            width: 100%;
+            padding: 10px;
+            font-size: 14px;
+            border: 1px solid #c0c0c0;
+            border-radius: 6px;
+            background-color: #f0f0f0;
+          "
+        />
+      </div>
+
+      <a
+        style="
+          background-color: #1d4ed8;
+          color: white;
+          border: none;
+          padding: 12px 20px;
+          border-radius: 8px;
+          font-size: 16px;
+          cursor: pointer;
+          width: 100%;
+          margin-top: 20px;
+        "
+        onclick="alert('Exiting...')"
+      >
+        Exit page
+      </a>
+    </div>
+
+    <div style="font-size: 14px; color: #666; margin-top: 20px">
+      <span>Question?</span>
+      <a href="#" style="color: #2563eb; text-decoration: none; margin-left: 5px">Action here</a>
+    </div>
+  </body>
+</html>

apps/browser/src/phishing-detection/phishing-detection.enum.ts

@@ -1,3 +1,4 @@
 export enum PhishingDetectionCommands {
   CheckUrl = "CheckUrl",
+  RedirectToWarningPage = "RedirectToWarningPage",
 }

apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts

@@ -23,14 +23,21 @@ async function loadPhishingDetectionContent() {
   if (!response) {
     return;
   }
-
   const { isPhishingDomain } = response;
 
-  if (isPhishingDomain) {
-    const url = new URL(activeUrl);
-
-    PhishingDetectionBrowserService.notifyUser(url.hostname);
+  if (!isPhishingDomain) {
+    return;
   }
+
+  const url = new URL(activeUrl);
+
+  const warningUrl = chrome.runtime.getURL("phishing/warning.html");
+
+  await chrome.runtime.sendMessage({
+    command: PhishingDetectionCommands.RedirectToWarningPage,
+    url: warningUrl,
+    phishingHost: url.hostname,
+  });
 }
 
 logService.info("Phishing Detection Service loaded.");

apps/browser/src/platform/services/phishing-detection.service.ts

@@ -35,7 +35,7 @@ export class PhishingDetectionService {
     PhishingDetectionService.storageService = storageService;
     PhishingDetectionService.taskSchedulerService = taskSchedulerService;
 
-    PhishingDetectionService.setupCheckUrlListener();
+    PhishingDetectionService.setupListeners();
 
     // Register the update task
     this.taskSchedulerService.registerTaskHandler(
@@ -223,4 +223,21 @@ export class PhishingDetectionService {
       }
     });
   }
+
+  static setupRedirectToWarningPageListener(): void {
+    BrowserApi.addListener(chrome.runtime.onMessage, async (message, sender, sendResponse) => {
+      if (message.command === PhishingDetectionCommands.RedirectToWarningPage) {
+        PhishingDetectionService.logService.debug("RedirectToWarningPage handler", {
+          message,
+        });
+
+        await chrome.tabs.update(sender.tab.id, { url: message.url });
+      }
+    });
+  }
+
+  static setupListeners(): void {
+    this.setupCheckUrlListener();
+    this.setupRedirectToWarningPageListener();
+  }
 }

apps/browser/webpack.config.js

@@ -145,6 +145,11 @@ const plugins = [
     filename: "overlay/list.html",
     chunks: ["overlay/list"],
   }),
+  new HtmlWebpackPlugin({
+    template: "./src/phishing-detection/pages/warning.html",
+    filename: "phishing/warning.html",
+    chunks: ["phishing/warning"],
+  }),
   new CopyWebpackPlugin({
     patterns: [
       {