https://bugs.kde.org/show_bug.cgi?id=510551
Bug ID: 510551
Summary: False positive scam detection when an <a> tag contains
the "title" attribute of which the content is the URL
with uppercase letters
Classification: Applications
Product: kmail2
Version First 6.5.2
Reported In:
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 185725
--> https://bugs.kde.org/attachment.cgi?id=185725&action=edit
False positive scam mail
SUMMARY
When viewing a HTML message, if an <a> tag contains the "title" attribute of
which the content is the URL with uppercase letters, then KMail warns about
scam, despite the fact that the URL in the "title" attribute is identical to
the actual one.
Here is an example snippet, which is also included in the attached mbox file:
<a href="https://example.org/A";
title="https://example.org/A";>https://example.org/A</a>
STEPS TO REPRODUCE
0. Make sure scam detection is enabled
1. Download the attached sample file
2. Open it with KMail
3. View it in the HTML mode, if it is not the default behavior
OBSERVED RESULT
KMail warns about a possible scam, insisting that there is a link which points
to https://example.org/a but reads as https://example.org/A (notice how the
uppercase letters are converted to the lowercase ones)
EXPECTED RESULT
No scam should be reported
SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 6.4.5
KDE Frameworks Version: 6.18.0
Qt Version: 6.10.0
Kernel Version: 6.17.1-arch1-1 (64-bit)
Graphics Platform: Wayland
ADDITIONAL INFORMATION
There are some real-world HTML mail clients that indeed compose links in this
way, which is the reason why I found this bug.
--
You are receiving this mail because:
You are watching all bug changes.
