Element-web: Custom link text can be used for phishing

Created on 16 Apr 2018  路  4Comments  路  Source: vector-im/element-web

Possibly even conditionally whenever link text is, "this", "here", "click here" etc

feature p2
Source
picture dbkr

Most helpful comment

ftr that's what Thunderbird also does:

Screenshot from 2020-08-17 14-09-40

picture babolivier on 17 Aug 2020
👍2

All 4 comments

So an option in settings that, when checked, auto-replaces any link posted with link text 'this', 'here', or 'click here' or similar and replaces it with the much-more-enlightening actual URL.

lampholder picture lampholder on 16 Apr 2018

Screen Shot 2020-08-17 at 11 45 49 AM

Including for example

/html

<a href="https://google.com">https://bing.com</a>

markdown

[https://bing.com](https://google.com)

Another solution is something similar to what Discord is doing. When you click a link they ask you if you trust the domain and you can allow once or always allow.

Twi1ightSparkle picture Twi1ightSparkle on 17 Aug 2020
👍1

The solution in Element iOS is very nice:
IMG_0379

Twi1ightSparkle picture Twi1ightSparkle on 17 Aug 2020

ftr that's what Thunderbird also does:

Screenshot from 2020-08-17 14-09-40

babolivier picture babolivier on 17 Aug 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

MurzNN picture MurzNN  路  3Comments
turt2live picture turt2live  路  3Comments
arthurlutz picture arthurlutz  路  3Comments
richvdh picture richvdh  路  3Comments
NotAFile picture NotAFile  路  3Comments