Insert link facilitates phishing attacks

Mark Doliner mark at kingant.net
Tue Nov 19 16:14:30 EST 2013


Yeah, there are definitely things we could do to protect our users better.

On Tue, Nov 19, 2013 at 12:20 PM, Ashish Gupta <ashmew2 at gmail.com> wrote:
> The security check could then follow the WYSIWIG approach and always open
> the link visible instead of whatever is contained in the URL.

Or at least warn the user and ask which URL they want to open.

We could also check links for malware and phishing using Google's Safe
Browsing API and warn the user.



More information about the Devel mailing list