Mails with vCard are marked as scam

VERIFIED FIXED

Status

SeaMonkey
MailNews: Message Display
VERIFIED FIXED
12 years ago
11 years ago

People

(Reporter: mcsmurf, Assigned: Ian Neal)

Tracking

({fixed-seamonkey1.0, fixed-seamonkey1.1a})

Trunk
fixed-seamonkey1.0, fixed-seamonkey1.1a

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

12 years ago
When viewing a mail with a vCard in HTML View, the mail is marked as scam. The
problem is the first button in the mail labeled "View Complete Card". This form
element has no action, so
http://lxr.mozilla.org/mozilla/source/mailnews/base/resources/content/phishingDetector.js#78
returns true for isEmailScam. Maybe it should just check the action if it is != "".
(Assignee)

Comment 1

12 years ago
Created attachment 196528 [details] [diff] [review]
Add check for View button too v0.1

View Button only shows up if JS is enabled for mailnews

This patch:
* Checks for non-empty action as well as non-addbook action
Assignee: mail → iann_bugzilla
Status: NEW → ASSIGNED
Attachment #196528 - Flags: review?(neil.parkwaycc.co.uk)

Comment 2

12 years ago
Comment on attachment 196528 [details] [diff] [review]
Add check for View button too v0.1

Although, I'd prefer it if you could tweak mimevcrd.cpp to use an input
type="button" without a form...
Attachment #196528 - Flags: review?(neil.parkwaycc.co.uk) → review+
(Reporter)

Comment 3

12 years ago
Comment on attachment 196528 [details] [diff] [review]
Add check for View button too v0.1

Easy review
btw: Does TB not display vCards inline? Or does it need such a patch, too?
Attachment #196528 - Flags: superreview?(bienvenu)

Comment 4

12 years ago
Comment on attachment 196528 [details] [diff] [review]
Add check for View button too v0.1

tbird doesn't display the view complete card, afaik.
Attachment #196528 - Flags: superreview?(bienvenu) → superreview+
(Assignee)

Comment 5

12 years ago
Created attachment 209524 [details] [diff] [review]
Unbitrotted patch v0.1a

Unbitrotted version of patch, carrying forward r/sr and requesting a= for SM1.0 and SM1.1
Attachment #196528 - Attachment is obsolete: true
Attachment #209524 - Flags: superreview+
Attachment #209524 - Flags: review+
Attachment #209524 - Flags: approval-seamonkey1.1?
Attachment #209524 - Flags: approval-seamonkey1.0?

Comment 6

12 years ago
Comment on attachment 209524 [details] [diff] [review]
Unbitrotted patch v0.1a

>-      isEmailScam = !/^addbook:/.test(forms[index].action);
>+      isEmailScam = forms[i].action != "" && !/^addbook:/.test(forms[index].action);


It looks to me as if that should be |forms[index]| instead of |forms[i]| (also from looking at the first patch)...

With that fix (and given that detection has been tested to work correctly with that patch), a=me for 1.1 and 1.0
Attachment #209524 - Flags: approval-seamonkey1.1?
Attachment #209524 - Flags: approval-seamonkey1.1+
Attachment #209524 - Flags: approval-seamonkey1.0?
Attachment #209524 - Flags: approval-seamonkey1.0+
(Assignee)

Comment 7

12 years ago
Created attachment 209829 [details] [diff] [review]
Checked in patch v0.1b (Checked in trunk, branch 1.8 & branch 1.8.0)

Checking in (trunk)
phishingDetector.js;
new revision: 1.5; previous revision: 1.4
done
Checking in (branch 1.8)
phishingDetector.js;
new revision: 1.1.2.3; previous revision: 1.1.2.2
done
Checking in (branch 1.8.0)
phishingDetector.js;
new revision: 1.1.2.1.4.2; previous revision: 1.1.2.1.4.1
done
Attachment #209524 - Attachment is obsolete: true
(Assignee)

Updated

12 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Keywords: fixed-seamonkey1.0
Resolution: --- → FIXED
Verified FIXED with a new profile using build 2006-03-26-06 of SeaMonkey trunk on Windows XP.
Status: RESOLVED → VERIFIED

Updated

11 years ago
Keywords: fixed-seamonkey1.1a
You need to log in before you can comment on or make changes to this bug.