For simple HTML, we should have each link followed by something that indicates the actual URL it points to, so if I had a link pointing to evil.com that read "http://good.com/enter_your_pin", you'd see: http://good.com/enter_your_pin [evil.com] I know the status bar shows the URL, but this is added protection for the 99/100 times when I don't look at the status bar before clicking a link. I thought about requesting this for "Original HTML", but came up with too many ways somebody evil could get around any solutions I could come up with.
13 years ago
Compare 278490, solution 1. As discussed at length on IRC yesterday, I am against this. I would like the Simple HTML be perfectly readable, and this interferes a lot with the text, esp. if you use links inline. And it doesn't help in all cases, e.g. grandma won't know what "eBay [220.127.116.11]" implies. (Real example from bug bug 278460 comment 1). Compare bug 254913, which I think is a good idea (but won't help in *all* cases).
(In reply to comment #1) > Compare 278490, solution 1. Doesn't work - that shows the entire URL. > And it doesn't help in all cases, e.g. grandma won't know what "eBay > [18.104.22.168]" implies. (Real example from bug bug 278460 comment 1). As some of the related bugs show, Eudora apparently warns users that legitimate sites rarely use numeric IPs. > Compare bug 254913, which I think is a good idea (but won't help in *all* cases). My problem with phishing detection is that we really screw the inexperienced user if we *occasionally* fail to a scam.
WONTFIXing. I'll deal with a port of bug 279191.