Open Bug 212999 Opened 21 years ago Updated 2 years ago

submitting a form from an email should give a warning

Categories

(Core :: DOM: Core & HTML, enhancement)

enhancement

Tracking

()

People

(Reporter: advax, Unassigned)

References

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 I was trying to think of a way to alert on the PayPal fraud - an HTML mail with paypal.com images includes a form for users to submit private information to http://www.paypal.com.0000000...11100011@noapache.nomorebullshitsite.com With standard settings there is only the warning about sending unencrypted data that most users turn off. While experimenting with settings I noticed that if a secure form sends data to a totally different secure server there is no warning. But I guess this isn't really a big problem and some legitimate businesses direct users around a series of secure servers for load balancing. Maybe there should be a warning when submitting a form from a mail message, such as "this data will be sent to nomorebullshite.com; OK ?" Reproducible: Always Steps to Reproduce: 1. 2. 3.
There's really no difference between sending from a form in a mail, or in a webpage. The problem with that PayPal scam (I got them too), is that you're sending to a different host then you're thinking. Dupe of bug 122445 by way of bug 212296. *** This bug has been marked as a duplicate of 122445 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
The problem with the paypal scam is that you're typing your paypal password into a form that is part of a page (in this case, an e-mail) that you cannot trust. This is not a dup of bug 122445. This is just invalid.
As Jesse says, although I refer to the PayPal scam, this is not "warn user of scammy URLs", this is "warn user about what domain they are sending data to" for an email message. If a user is prompted to reply to an email, their client shows the full email address and domain in a wide box, so they can decide if it looks legitimate. If they visit a website, then they see the padlock icon, if SSL, and they see the URL in the location bar and have an opportunity to check the domain (var bug 122445). For an email message, there is no equivalent. There is no "view message info" button, the user must "show message source" and be able to read possibly obfuscated HTML to see the destination of the form. The "From" address shown in "normal headers" is totally forgable. Many legitimate listservs and legitimate opt-in newsletters have list management links or forms, so IMO it would be useful to have a warning of some kind. It's not much good to tell people not to display mail in HTML or never to trust email from anyone unless it has an S/MIME signature, or always to read the fine print to discover which organizations never send email and which do. I realize that if the user has enabled JavaScript in email that the message can send all sorts of user/browser information with no warning, but at least the user hasn't typed in anything like a credit card number.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Ok, makes sense, at least when JavaScript is disabled in mail messages. (When JavaScript is enabled, the script can communicate form information to a site in many ways, as you said.) To protect against dialog fatigue, there could be a checkbox for "Don't warn me when I submit e-mail forms to https://www.paypal.com".
Status: UNCONFIRMED → NEW
Ever confirmed: true
I think this is going to be a depends on bug 122445, and if so, I'll QA it. If not, remove the depenency and me from qa.
Depends on: 122445
QA Contact: ashshbhatt → benc
Assignee: form-submission → nobody
QA Contact: benc → form-submission
Component: HTML: Form Submission → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.