[Pidgin] #4683: Security: Check href & body parts of links

Pidgin trac at pidgin.im
Fri Jan 18 23:24:51 EST 2008

#4683: Security: Check href & body parts of links
Reporter:  neomenlo     |       Owner:  lschiere                   
    Type:  enhancement  |      Status:  new                        
Priority:  minor        |   Component:  unclassified               
 Version:  2.3.1        |    Keywords:  security, links, url, virus
 Pending:  0            |  
 Many viruses spread by IM use deceptive URLs to trick the victim to click

 For example, I received an IM, but I copy and pasted the location and
 noticed the discrepancy.
 The link in blue said something like:[[BR]]
 [/ http://photobucket.com/numbers/number.jpg][[BR]]
 When the URL (href) went to:[[BR]]
 [/ http://otherwebsite.com/something.com]

 == 1: The URLs do not match ==
 I would like to see pidgin automatically check if the urls are different,
 and warn the user that the link is high risk and deceptive. However, a few
 links are sent with a completely different body by wrapping a few words
 with a url.

 == 2: The url leads to an executable ==
 I don't think I've ever seen an executable transfered via IM protocol. So,
 links to executables should also bring up a warning dialog telling the

Ticket URL: <http://developer.pidgin.im/ticket/4683>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list