https://bugs.kde.org/show_bug.cgi?id=446419
Bug ID: 446419
Summary: Scam detection triggers on links which read 'http://'
but point to 'https://'
Product: kontact
Version: 5.18.2
Platform: Gentoo Packages
OS: Linux
Status: REPORTED
Severity: minor
Priority: NOR
Component: mail
Assignee: kdepim-b...@kde.org
Reporter: keithhacks-kde...@yahoo.com
Target Milestone: ---
SUMMARY
In the HTML view of an e-mail message, benign links will trigger scam detection
if the displayed URL starts with "http://"; but the target URL starts with
"https://"; (or vice versa).
STEPS TO REPRODUCE
1. Send an e-mail to yourself, in rich text mode, containing a link with the
text "http://example.com"; which leads to "https://example.com";.
2. Open the e-mail in HTML view.
OBSERVED RESULT
A "This message may be a scam" warning appears.
EXPECTED RESULT
Scam detection should not be triggered on URLs with an HTTP/HTTPS protocol
mismatch, as long as the domain and path are the same. It's not a meaningful
difference, and displaying the warning in this case may condition users to
ignore it when there *is* a misleading link.
SOFTWARE/OS VERSIONS
Linux: Gentoo
KDE Plasma Version: 5.23.0
KDE Frameworks Version: 5.87.0
Qt Version: 5.15.2
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
