https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8190
Bug ID: 8190
Summary: A HREF with UTF-8 byte order marker before URI hides
URI
Product: Spamassassin
Version: 4.0.0
Hardware: PC
OS: Windows 10
Status: NEW
Severity: normal
Priority: P2
Component: spamassassin
Assignee: dev@spamassassin.apache.org
Reporter: joew...@surbl.org
Target Milestone: Undefined
Created attachment 5913
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5913&action=edit
Sample spam that exhibits the problem
In a UTF-8 text/html section, the URI of a <a href=""> attribute can start with
leading whitespace after the opening quote browsers and mail clients will
ignore it and display the following http:// or https:// URI.
If a UTF-8 byte order marker (0xEF 0xBB 0xBF in UTF-8 = 0xFEFF in UTF-16)
follows the opening quote then SA will not see the following http:// or
https:// URI and will not check the URIs against URIBLs.
UTF-8 byte order markers should be discarded before checking the value of the
URI.
--
You are receiving this mail because:
You are the assignee for the bug.
