[Bug 8190] New: A HREF with UTF-8 byte order marker before URI hides URI

bugzilla-daemon Wed, 27 Sep 2023 05:14:35 -0700

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8190


            Bug ID: 8190
           Summary: A HREF with UTF-8 byte order marker before URI hides
                    URI
           Product: Spamassassin
           Version: 4.0.0
          Hardware: PC
                OS: Windows 10
            Status: NEW
          Severity: normal
          Priority: P2
         Component: spamassassin
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: Undefined

Created attachment 5913
  --> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5913&action=edit
Sample spam that exhibits the problem

In a UTF-8 text/html section, the URI of a <a href=""> attribute can start with
leading whitespace after the opening quote browsers and mail clients will
ignore it and display the following http:// or https:// URI.

If a UTF-8 byte order marker (0xEF 0xBB 0xBF in UTF-8 = 0xFEFF in UTF-16)
follows the opening quote then SA will not see the following http:// or
https:// URI and will not check the URIs against URIBLs.

UTF-8 byte order markers should be discarded before  checking the value of the
URI.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 8190] New: A HREF with UTF-8 byte order marker before URI hides URI

Reply via email to