# Security Interstitials
This directory contains the implementation of security interstitials -- warning
pages that are shown instead of web content when certain security events occur
(such as an invalid certificate on an HTTPS connection, or a URL that is flagged
by Safe Browsing).
This is a layered component that includes a `core/` implementation (which is
also used by `//ios/components/security_interstitials` for the iOS
implementation), and a `content/` implementation for Blink platforms.
Security interstitials are split between an HTML+JS front end (which defines
the actual contents shown) and a C++ backing implementation.
`core/common/resources/` contains the shared HTML+JS used across the various
interstitial types.
`core/common/mojom/` contains the Mojo IPC definitions that are used for the
interstitial JS to communicate back to the C++ interstitial code to execute
various actions the user can take on the interstitial page.
`core/browser/resources` contain the HTML+JS implementations of the various
interstitial types (such as the SSL interstitial or Safe Browsing interstitial).
When adding a new interstitial type, you should also add it to
`core/browser/resources/list_of_interstitials.html` and
`chrome/browser/ui/webui/interstitials/interstitial_ui.cc` so that it is listed
in the interstitial testing page at `chrome://interstitials`.
`ControllerClient` is the C++ logic that handles commands sent by the
interstitial JS. The specific implementation is extended by the embedder -- see
`content/security_interstitial_controller_client.h` and
`//ios/components/security_interstitials/ios_blocking_page_controller_client.h`.
Many interstitials follow the pattern of implementing a core “UI” class (like
`SSLErrorUI` for SSL interstitials), which configures details for the
interstitial HTML, and connects the specific blocking page implementation with
the controller client implementation.
In `content/`, the central classes are:
* `SecurityInterstitialControllerClient`, which handles commands from security
interstitial pages. This is used by and extended for each interstitial type.
* `SecurityInterstitialPage`, which handles the state of the interstitial page.
This is extended for each interstitial type.
* `SecurityInterstitialTabHelper`, which connects an interstitial page to a
WebContents, and owns the underlying interstitial page.
`//ios/components/security_interstitials/` has parallel implementations, but for
iOS where we can’t use `content/`.
This directory is not an exhaustive container of all security interstitials.
Some interstitial types build on the core component classes but are implemented
outside of this directory (e.g., `chrome/browser/lookalikes/`).
Codebase Browser
chromium