GNOME Bugzilla – Bug 300424
[rfe] evolution should check if urls in html mail are obvious spoofs
Last modified: 2005-07-16 13:55:33 UTC
An idea of a friend of mine: If Evolution receives an HTML email that contains a link like this: [a href="http://bad.guys.net/"]https://secure.paypal.com/[/a] In the case that the shown link (ie: the part the user sees) starts with http: or https: then it should check to ensure that the href URL is equal to the URL that is shown to the user. If it isn't, it should do something appropriate (like give a warning, disable the link, show the correct link URL, etc).
Few things to think about: (writing htp instead of http to prevent bugzilla auto-linking) [a href='htp://death/'] htp://life/[/a] [a href='htp://death/'][span]htp://life/[/span][/a] [a href='htp://death/']h[b][/b]tp://life/[/a] etc But since 99.99% of the time there are no tags inside of a link, these are fairly marginal cases.
No comment why? This is a big feature that lots of other clients are picking up; we need to think about doing the same.
And confirming.
*** This bug has been marked as a duplicate of 256160 ***