From 7cfc0bd6a9fe9f04f29091e226d5528224d4d409 Mon Sep 17 00:00:00 2001 From: Lars Ingebrigtsen Date: Thu, 20 Jan 2022 08:01:20 +0100 Subject: [PATCH] Check link text domain suspiciousness * lisp/international/textsec.el (textsec-link-suspicious-p): Check whether the domain in the link text is suspicious. --- lisp/international/textsec.el | 8 +++++++- test/lisp/international/textsec-tests.el | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lisp/international/textsec.el b/lisp/international/textsec.el index 017eb5dc9c4..c30d997b4fe 100644 --- a/lisp/international/textsec.el +++ b/lisp/international/textsec.el @@ -416,7 +416,13 @@ the same domain as the URL." (url-domsuf-cookie-allowed-p tdomain))))) (throw 'found (format "Text `%s' doesn't point to link URL `%s'" - text url))))))))) + text url))) + ((and tdomain + (textsec-domain-suspicious-p tdomain)) + (throw 'found + (format "Domain `%s' in the link text is suspicious" + (bidi-string-strip-control-characters + tdomain)))))))))) (provide 'textsec) diff --git a/test/lisp/international/textsec-tests.el b/test/lisp/international/textsec-tests.el index 31e9aefc736..44815ebb39f 100644 --- a/test/lisp/international/textsec-tests.el +++ b/test/lisp/international/textsec-tests.el @@ -195,6 +195,8 @@ (cons "https://www.gnu.org/" "This is a link that doesn't point to fsf.org"))) - ) + (should (textsec-link-suspicious-p + (cons "https://www.gn\N{LEFT-TO-RIGHT ISOLATE}u.org/" + "gn\N{LEFT-TO-RIGHT ISOLATE}u.org")))) ;;; textsec-tests.el ends here -- 2.39.5