https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8111
Bug ID: 8111
Summary: DecodeShortURLs should support meta refresh
Product: Spamassassin
Version: 4.0.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: dilld...@bjork.org
Target Milestone: Undefined
Some shorteners seem to not use HTTP headers for redirection at all (at least
under certain circumstances, see bug #8110), but rather meta refresh in body.
While this would obviously be trickier to support in DecodeShortURLs, it would
be sweet if it was possible.
Example seen in spam (when using default spoofed browser UA, again see bug
#8110), originally leading to a phishing page:
https://t.co/QXabAdmraO
Honorable mention also goes to JS methods like window.location,
location.reload, and any others I haven't thought of. Would probably be
possible to regex all of these, rather than involve complex parsing libs,
though the latter is of course also possible.
--
You are receiving this mail because:
You are the assignee for the bug.
