MicrosoftDocs / msteams-docs

Source for the Microsoft Teams developer platform documentation.
https://aka.ms/teamsdev
Creative Commons Attribution 4.0 International

Link Unfurling - Unfurling card content is not getting truncated on Firefox (working fine with Teams app and Chrome) #8419

Open Abhiram219 opened 1 year ago

Abhiram219 commented 1 year ago

We've implemented link unfurling for the links in Microsoft Teams. When the links are pasted into Firefox (Mac), the unfurling card content is not getting truncated. This is working fine on Chrome and the Teams client. Attaching a video reference for the same.

https://user-images.githubusercontent.com/60126553/229704472-1f452f00-ff7d-4a66-9630-0562f69ec696.mov

ghost commented 1 year ago

Hi Abhiram219! Thank you for bringing this issue to our attention. We will investigate and if we require further information we will reach out in one business day. Please use this link to escalate if you don't get replies.

Best regards, Teams Platform

Nivedipa-MSFT commented 1 year ago

@Abhiram219 - Thanks for reporting your issue. Could you please share the link to test at our end?

Abhiram219 commented 1 year ago

@Nivedipa-MSFT https://emprdutah01.service-now.com/kb/en/what-are-phishing-scams-and-how-can-i-avoid-them?id=kb_article_view&sys_kb_id=3020c9b1474321009db4b5b08b9a712d&a=b

Nivedipa-MSFT commented 1 year ago

@Abhiram219 - Could you please share the card payload for unfurl card?

Abhiram219 commented 1 year ago

@Nivedipa-MSFT {"composeExtension":{"attachments":[{"content":{"type":"AdaptiveCard","body":[{"items":[{"color":null,"horizontalAlignment":null,"isSubtle":false,"maxLines":0,"size":"small","text":"Article | IT","weight":"lighter","wrap":true,"separator":false,"type":"TextBlock"},{"color":null,"horizontalAlignment":null,"isSubtle":false,"maxLines":0,"size":"medium","text":"What are phishing scams and how can I avoid them?\n\t\t","weight":"bolder","wrap":true,"spacing":"None","separator":false,"type":"TextBlock"},{"color":null,"horizontalAlignment":null,"isSubtle":false,"maxLines":2,"size":null,"text":"Phishing explained\nPhishing Explained\nPhishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your company, your Internet service provider, your bank). These messages usually direct you to a spoofed web site or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.\nOne type of phishing attempt is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to \"click here\" to verify your information.\nPhishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.\nSpecific types of phishing\nPhishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker's objective. Several distinct types of phishing have emerged.\nSpear phishing\nPhishing attacks directed at specific individuals, roles, or organizations are referred to as \"spear phishing\". 
Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.\nThe best defense against spear phishing is to carefully, securely discard information (i.e., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easily obtainable (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.\nWhaling\nThe term \"whaling\" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.\nAvoiding phishing scams\nThe Company and other reputable organizations will never use email to request that you reply with your passphrase, Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a web site or by replying to the message itself. Never reply to or click the links in a message. If you think the message may be legitimate, go directly to the company's web site (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the email message.\nWhen you recognize a phishing message, delete the email message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the web sites it points to.\nAlways read your email as plain text.\nPhishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. 
Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.\nWarnings\nReading email as plain text is a general best practice that, while avoiding some phishing attempts, won't avoid them all. Some legitimate sites use redirect scripts that don't check the redirects. Consequently, phishing perpetrators can use these scripts to redirect from legitimate sites to their fake sites.\nAnother tactic is to use a homograph attack, which, due to International Domain Name (IDN) support in modern browsers, allows attackers to use different languagecharacter sets to produce URLs that look remarkably like the authentic ones.\nReporting phishing attempts\nIf the phishing attempt targets the Company in any way (e.g., asks for the Company's Webmail users to \"verify their accounts\", includes a malicious PDF directed to human resources, or impersonates the Company), forward it with full headers to the Company Information Security Office. You can report a phishing scam attempt to the company that is being spoofed. You can also send reports to the Federal Trade Commission (FTC). Depending on where you live, some local authorities also accept phishing scam reports. 
Finally, you can send details to the Anti-Phishing Working Group, which is building a database of common scams to which people can refer.\nExample of a phishing scam\nThe following phishing scam was targeted at Servicenow users:\n-----------------------------------------------------------------\n\nFrom: \"SERVICENOW.ORG SUPPORT TEAM\" supportteam01@indiana.edu\nReply-To: \"SERVICENOW.ORG SUPPORT TEAM\" spupportteam@info.lt\nDate: Sat, 12 Jul 2008 17:42:05 -0400\nTo: \"Undisclosed-Recipient:;\"@iocaine.uits.indiana.edu\nSubject: CONFIRM YOUR ACCOUNT\n\nDear SERVICENOW.ORG Webmail Subscriber\n\nThis mail is to inform all our {SERVICENOW.ORG} webmail users that we\nwill be maintaining and upgrading our website in a couple of days from\nnow.As a Subscriber you are required to send us your Email account\ndetails to enable us know if you are still making use of your\nmailbox. Be informed that we will be deleting all mail account that is\nnot functioning to enable us create more space for new employees and\nmanagers in the company, You are to send your mail account details which\nare as follows:\n\nUser Name:\nPassword:\n*Date of birth:\n\nFailure to do this will immediately render your email address deactivated from our database.\n\nThank you for using SERVICENOW.ORG\nFROM THE SERVICENOW.ORG SUPPORT TEAM\n\n------------------------------------------------------------------","weight":null,"wrap":true,"spacing":"Medium","separator":false,"type":"TextBlock"},{"actions":[{"url":"https://emprdutah01.service-now.com/kb/en/what-are-phishing-scams-and-how-can-i-avoid-them?id=kb_article_view&sys_kb_id=3020c9b1474321009db4b5b08b9a712d&a=b","title":"View Article","type":"Action.OpenUrl"}],"spacing":"Large","separator":false,"type":"ActionSet"}],"separator":false,"type":"Container"}],"$schema":"http://adaptivecards.io/schemas/adaptive-card.json","version":"1.2"},"contentType":"application/vnd.microsoft.card.adaptive","preview":{"content":{"title":"What are phishing scams and how can 
I avoid them?\n\t\t","text":"Article | IT","images":[{"alt":"Service Now","url":"https://in-prod.asyncgw.teams.microsoft.com/urlp/v1/url/content?url=https%3a%2f%2femprdutah01.service-now.com%2fNotes.png"}]},"contentType":"application/vnd.microsoft.card.hero"}}],"type":"result","attachmentLayout":"list"},"responseType":"composeExtension"}

Nivedipa-MSFT commented 1 year ago

@Abhiram219 - We are able to repro your issue. We have tested this using the Edge browser and the Safari browser on Windows. On the Edge browser the unfurling card content is truncated, but on the Safari browser the content is not truncated.

We have tested this on Safari version 111.0.1 and Edge version 111.0.1661.51.

We have raised a bug for the same. We will let you know once we get any updates on it.

Nivedipa-MSFT commented 1 year ago

@Abhiram219 - The bug has been fixed now. We have tested this on the Teams web client on Windows using Firefox version 117.0.1 and Edge version 117.0.2045.43. Could you please test this and confirm once?