Check link text domain suspiciousness

* lisp/international/textsec.el (textsec-link-suspicious-p): Check
whether the domain in the link text is suspicious.

diff --git a/lisp/international/textsec.el b/lisp/international/textsec.el
index 017eb5dc9c41575689aba71192ea704e7489b981..c30d997b4fecf0934ba5d081f6ead7a1ec83f770 100644 (file)
--- a/lisp/international/textsec.el
+++ b/lisp/international/textsec.el
@@ -416,7 +416,13 @@ the same domain as the URL."
                                (url-domsuf-cookie-allowed-p tdomain)))))
             (throw 'found
                    (format "Text `%s' doesn't point to link URL `%s'"
-                           text url)))))))))
+                           text url)))
+           ((and tdomain
+                 (textsec-domain-suspicious-p tdomain))
+            (throw 'found
+                   (format "Domain `%s' in the link text is suspicious"
+                           (bidi-string-strip-control-characters
+                            tdomain))))))))))
 
 (provide 'textsec)
 

diff --git a/test/lisp/international/textsec-tests.el b/test/lisp/international/textsec-tests.el
index 31e9aefc73614251206cc0a56387048154f90b5f..44815ebb39ff5965b416204fd4ed620e9bda9e15 100644 (file)
--- a/test/lisp/international/textsec-tests.el
+++ b/test/lisp/international/textsec-tests.el
@@ -195,6 +195,8 @@
            (cons "https://www.gnu.org/"
                  "This is a link that doesn't point to fsf.org")))
 
-  )
+  (should (textsec-link-suspicious-p
+           (cons "https://www.gn\N{LEFT-TO-RIGHT ISOLATE}u.org/"
+                 "gn\N{LEFT-TO-RIGHT ISOLATE}u.org"))))
 
 ;;; textsec-tests.el ends here