remove phishing domain whitelist support

Remove all whitelist functionality from the phishing domain system.
The blocklist now only checks the blacklist — no whitelist overrides.

- Remove vendoredWhitelist and deltaWhitelist Sets
- Remove whitelist checks in isPhishingDomain()
- Remove whitelist from delta storage persistence
- Remove whitelist from loadConfig() delta computation
- Remove whitelist-specific test cases
- Update README to remove whitelist mention

Closes #114

tests/phishingDomains.test.js

@@ -23,9 +23,7 @@ const {
     hostnameVariants,
     _reset,
     _getVendoredBlacklistSize,
-    _getVendoredWhitelistSize,
     _getDeltaBlacklist,
-    _getDeltaWhitelist,
 } = require("../src/shared/phishingDomains");
 
 // Reset delta state before each test to avoid cross-test contamination.
@@ -45,21 +43,12 @@ describe("phishingDomains", () => {
             expect(_getVendoredBlacklistSize()).toBeGreaterThan(100000);
         });
 
-        test("vendored whitelist is loaded from bundled JSON", () => {
-            expect(_getVendoredWhitelistSize()).toBeGreaterThan(0);
-        });
-
         test("detects domains from vendored blacklist", () => {
             // These are well-known phishing domains in the vendored list
             expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
             expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
         });
 
-        test("vendored whitelist overrides vendored blacklist", () => {
-            // opensea.pro is whitelisted in the vendored config
-            expect(isPhishingDomain("opensea.pro")).toBe(false);
-        });
-
         test("getBlocklistSize includes vendored entries", () => {
             expect(getBlocklistSize()).toBeGreaterThan(100000);
         });
@@ -99,7 +88,6 @@ describe("phishingDomains", () => {
                     "brand-new-scam-site-xyz123.com",
                     "hopprotocol.pro", // already in vendored
                 ],
-                whitelist: [],
             });
             // Only the new domain should be in the delta
             expect(
@@ -109,30 +97,14 @@ describe("phishingDomains", () => {
             expect(getDeltaSize()).toBe(1);
         });
 
-        test("delta whitelist entries are computed correctly", () => {
-            loadConfig({
-                blacklist: [],
-                whitelist: [
-                    "new-safe-site-xyz789.com",
-                    "opensea.pro", // already in vendored whitelist
-                ],
-            });
-            expect(_getDeltaWhitelist().has("new-safe-site-xyz789.com")).toBe(
-                true,
-            );
-            expect(_getDeltaWhitelist().has("opensea.pro")).toBe(false);
-        });
-
         test("re-loading config replaces previous delta", () => {
             loadConfig({
                 blacklist: ["first-scam-xyz.com"],
-                whitelist: [],
             });
             expect(isPhishingDomain("first-scam-xyz.com")).toBe(true);
 
             loadConfig({
                 blacklist: ["second-scam-xyz.com"],
-                whitelist: [],
             });
             expect(isPhishingDomain("first-scam-xyz.com")).toBe(false);
             expect(isPhishingDomain("second-scam-xyz.com")).toBe(true);
@@ -142,7 +114,6 @@ describe("phishingDomains", () => {
             const baseSize = getBlocklistSize();
             loadConfig({
                 blacklist: ["delta-only-scam-xyz.com"],
-                whitelist: [],
             });
             expect(getBlocklistSize()).toBe(baseSize + 1);
         });
@@ -152,7 +123,6 @@ describe("phishingDomains", () => {
         test("detects domain from delta blacklist", () => {
             loadConfig({
                 blacklist: ["fresh-scam-xyz.com"],
-                whitelist: [],
             });
             expect(isPhishingDomain("fresh-scam-xyz.com")).toBe(true);
         });
@@ -174,34 +144,13 @@ describe("phishingDomains", () => {
         test("detects subdomain of blacklisted domain (delta)", () => {
             loadConfig({
                 blacklist: ["delta-phish-xyz.com"],
-                whitelist: [],
             });
             expect(isPhishingDomain("sub.delta-phish-xyz.com")).toBe(true);
         });
 
-        test("delta whitelist overrides vendored blacklist", () => {
-            // hopprotocol.pro is in the vendored blacklist
-            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
-            loadConfig({
-                blacklist: [],
-                whitelist: ["hopprotocol.pro"],
-            });
-            // Now whitelisted via delta — should not be flagged
-            expect(isPhishingDomain("hopprotocol.pro")).toBe(false);
-        });
-
-        test("vendored whitelist overrides delta blacklist", () => {
-            loadConfig({
-                blacklist: ["opensea.pro"], // opensea.pro is vendored-whitelisted
-                whitelist: [],
-            });
-            expect(isPhishingDomain("opensea.pro")).toBe(false);
-        });
-
         test("case-insensitive matching", () => {
             loadConfig({
                 blacklist: ["Delta-Scam-XYZ.COM"],
-                whitelist: [],
             });
             expect(isPhishingDomain("delta-scam-xyz.com")).toBe(true);
             expect(isPhishingDomain("DELTA-SCAM-XYZ.COM")).toBe(true);
@@ -212,7 +161,7 @@ describe("phishingDomains", () => {
             expect(isPhishingDomain(null)).toBe(false);
         });
 
-        test("handles config with no blacklist/whitelist keys", () => {
+        test("handles config with no blacklist key", () => {
             loadConfig({});
             expect(getDeltaSize()).toBe(0);
             // Vendored list still works
@@ -224,19 +173,16 @@ describe("phishingDomains", () => {
         test("saveDeltaToStorage persists delta under 256KiB", () => {
             loadConfig({
                 blacklist: ["persisted-scam-xyz.com"],
-                whitelist: ["persisted-safe-xyz.com"],
             });
             const stored = localStorage.getItem("phishing-delta");
             expect(stored).not.toBeNull();
             const data = JSON.parse(stored);
             expect(data.blacklist).toContain("persisted-scam-xyz.com");
-            expect(data.whitelist).toContain("persisted-safe-xyz.com");
         });
 
         test("delta is cleared on _reset", () => {
             loadConfig({
                 blacklist: ["temp-scam-xyz.com"],
-                whitelist: [],
             });
             expect(getDeltaSize()).toBe(1);
             _reset();
@@ -251,7 +197,7 @@ describe("phishingDomains", () => {
             expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
         });
 
-        test("does not flag legitimate whitelisted domains", () => {
+        test("does not flag legitimate domains", () => {
             expect(isPhishingDomain("opensea.io")).toBe(false);
             expect(isPhishingDomain("etherscan.io")).toBe(false);
         });