nextcloud / mail

💌 Mail app for Nextcloud

https://apps.nextcloud.com/apps/mail

GNU Affero General Public License v3.0

851 stars 263 forks source link

Email links trigger phishing warning #10329

Open thstyl2000 opened 2 weeks ago

thstyl2000 commented 2 weeks ago

Steps to reproduce

Receive a reply
Reply starts with: "person person" person.person@interesting.site - <date>
You get a phishing warning because link text does not match address: href: /apps/mail/mailto?to=person.person%40interesting.site : link text person.person@interesting.site

Expected behavior

You don't get a warning.

Actual behavior

You get a phishing warning

Mail app version

4.0.2

Nextcloud version

30.0.1

Mailserver or service

imap (dovecot)

Operating system

freebsd

PHP engine version

PHP 8.2

Nextcloud memory caching

No response

Web server

Nginx

Database

MariaDB

Additional info

No response

thstyl2000 commented 1 day ago

8776 might also be related: Writing links in an "non working" encoding probably triggers phishing warning.