https://bugs.kde.org/show_bug.cgi?id=469930
Bug ID: 469930 Summary: Scam detection: Consider misleading substitute characters in URL userinfo Classification: Applications Product: kdepim Version: GIT (master) Platform: unspecified OS: All Status: REPORTED Severity: normal Priority: NOR Component: messageviewer Assignee: kdepim-bugs@kde.org Reporter: mia+...@0x0.st Target Milestone: --- Recently, some new gTLDs like .zip have been getting a lot of attention, with people pointing out how easily they can be used to mislead users. One the ways this can be done is to use the @ symbol and characters like ∕ (U+2215 DIVISION SLASH): https://download.kde.org∕stable∕krita∕5.1.5∕@kritax64515.zip The above URL leads to a domain called kritax64515.zip – what looks like a path on the download.kde.org domain to an unsuspecting user is merely the userinfo subcomponent of that URL. It is probably a good idea to try and detect this. -- You are receiving this mail because: You are the assignee for the bug.