Insert link facilitates phishing attacks

Mark Doliner mark at
Tue Nov 19 16:14:30 EST 2013

Yeah, there are definitely things we could do to protect our users better.

On Tue, Nov 19, 2013 at 12:20 PM, Ashish Gupta <ashmew2 at> wrote:
> The security check could then follow the WYSIWIG approach and always open
> the link visible instead of whatever is contained in the URL.

Or at least warn the user and ask which URL they want to open.

We could also check links for malware and phishing using Google's Safe
Browsing API and warn the user.

More information about the Devel mailing list