Custom link text can be used for phishing #6532
Comments
|
So an option in settings that, when checked, auto-replaces any link posted with link text 'this', 'here', or 'click here' or similar and replaces it with the much-more-enlightening actual URL. |
|
Including for example
<a href="https://google.com">https://bing.com</a>
[https://bing.com](https://google.com)Another solution is something similar to what Discord is doing. When you click a link they ask you if you trust the domain and you can allow once or always allow. |
Twi1ightSparkle
changed the title
|
The solution in Element iOS is very nice: |
|
ftr that's what Thunderbird also does:
|
|
Depending on your browser, hovering a link shows the target in some status bar, e.g. down below here: On desktop, the only way I know how to preview a URL is to right click, which isn't good enough as it might be cut off after certain length. In my opinion, a tooltip on hover is also more intuitive for most users. I would like to see that added. Overall I am sad to see this issue existed for 3.5 years now, and concrete suggestions to prevent clear phishing attempts by checking for url mismatch have been made over a year ago, but as far as I know nothing has been done. Especially since it seems both important (security-relevant) for a system that claims to bolster your privacy, and relatively simple. |
This makes it possible for platforms like Electron apps, which lack a built-in URL preview in the status bar, to enable tooltip previews of links. Relates to: element-hq/element-web#6532 Signed-off-by: Johannes Marbach <[email protected]>
germain-gg
added
O-Occasional
Closes: element-hq#6532 Signed-off-by: Johannes Marbach <[email protected]>
* Add option to display tooltip on link hover This makes it possible for platforms like Electron apps, which lack a built-in URL preview in the status bar, to enable tooltip previews of links. Relates to: element-hq/element-web#6532 Signed-off-by: Johannes Marbach <[email protected]> * Gracefully handle missing platform * Use public access modifier Co-authored-by: Travis Ralston <[email protected]> * Use exact inequality Co-authored-by: Travis Ralston <[email protected]> * Document getAbsoluteUrl * Appease the linter * Clarify performance impact in comment Co-authored-by: Travis Ralston <[email protected]> * Use URL instead of anchor element hack * Wrap anchor in tooltip target and only allow focus on anchor * Use optional chaining Co-authored-by: Michael Telatynski <[email protected]> * Use double quotes for consistency * Accumulate and unmount tooltips and extract tooltipify.tsx * Fix indentation * Blur tooltip target on click * Remove space * Mention platform flag in comment * Add (simplistic) tests * Fix lint errors * Fix lint errors ... for real * Replace snapshot tests with structural assertions * Add missing semicolon * Add tooltips in link previews * Fix copyright Co-authored-by: Travis Ralston <[email protected]> Co-authored-by: Michael Telatynski <[email protected]>
* Enable URL tooltips for Element Desktop Closes: #6532 Signed-off-by: Johannes Marbach <[email protected]> * Fix access level Co-authored-by: Travis Ralston <[email protected]> * Add explicit access level where it exists in base class * Appease the linker Co-authored-by: Travis Ralston <[email protected]>
|
(please open a new issue with more detailed concerns - reopening this issue would be problematic for the processes in place) |
Will do, thanks for the heads up. As a sidenote, I would think that if the processes in place prevent reopening an issue that's been incorrectly closed, then there's something wrong with said processes that needs to be fixed. |
|
I've opened #22875 as continuation of this issue. |
Possibly even conditionally whenever link text is, "this", "here", "click here" etc
The text was updated successfully, but these errors were encountered: