[Pidgin] #12610: too easy to accidentially create clickjacking link
Pidgin
trac at pidgin.im
Tue Sep 7 16:48:04 EDT 2010
#12610: too easy to accidentially create clickjacking link
--------------------------+-------------------------------------------------
Reporter: dtrucken | Owner: rekkanoryo
Type: defect | Status: new
Component: unclassified | Version: 2.7.0
Keywords: |
--------------------------+-------------------------------------------------
When you paste a link into the window, for example:
http://www.angelfire.com/super/badwebs/
Then before sending it replace "angelfire.com/super/badwebs" with
"google.com"
The recipient clicks on http://www.google.com but goes to somewhere else.
I understand that you might want to replace the link text with something
else, but if the underlined part starts with "http://" or "https://" or
perhaps "<anything>://", then the underlined text should also be the link
target.
Pidgin 2.7.0 (libpurple 2.7.0) Ubuntu
--
Ticket URL: <http://developer.pidgin.im/ticket/12610>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list