From c017ee0cb76019bd6a5e8092eda6b33a20a088ab Mon Sep 17 00:00:00 2001
From: "bugzilla%arlen.demon.co.uk"
Date: Tue, 29 Nov 2005 23:54:38 +0000
Subject: [PATCH] Bug 317720 Some emails use to get round phishing detection p=me r=neil.parkwaycc.co.uk sr=mscott
---
 mail/base/content/phishingDetector.js | 8 ++++----
 mailnews/base/resources/content/phishingDetector.js | 13 +++++++------
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/mail/base/content/phishingDetector.js b/mail/base/content/phishingDetector.js
index c1e36cf6c22c..d7107e176039 100644
--- a/mail/base/content/phishingDetector.js
+++ b/mail/base/content/phishingDetector.js
@@ -64,10 +64,10 @@ function isMsgEmailScam(aUrl)
 // loop through all of the link nodes in the message's DOM, looking for phishing URLs...
 var msgDocument = document.getElementById('messagepane').contentDocument;
- // examine all anchor tags...
- var anchorNodes = msgDocument.getElementsByTagName("a");
- for (var index = 0; index < anchorNodes.length && !isEmailScam; index++)
- isEmailScam = isPhishingURL(anchorNodes[index], true);
+ // examine all links...
+ var linkNodes = msgDocument.links;
+ for (var index = 0; index < linkNodes.length && !isEmailScam; index++)
+ isEmailScam = isPhishingURL(linkNodes[index], true);
 // if an e-mail contains a form element, then assume the message is a phishing attack.
 // Legitimate sites should not be using forms inside of e-mail.
diff --git a/mailnews/base/resources/content/phishingDetector.js b/mailnews/base/resources/content/phishingDetector.js
index b0291107310b..ee6c1424e118 100755
--- a/mailnews/base/resources/content/phishingDetector.js
+++ b/mailnews/base/resources/content/phishingDetector.js
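Review bot: In mail/base/content/phishingDetector.js the new comment `// examine all links...` does not record why `msgDocument.links` replaced `getElementsByTagName("a")`, which is the security-relevant part of the change: the `links` collection holds every `<a>` and `<area>` element that has an `href`, so image-map targets are now passed to `isPhishingURL` as well. I would say so in the comment, for example `// examine every hyperlink; document.links covers <a href> and <area href>`, so the loop is not later narrowed back to anchors. `isPhishingURL` is defined outside this hunk, and an `<area>` node has no text content, so it is worth confirming that any link-text comparison inside it tolerates an empty string. The same loop and comment appear in the mailnews/base/resources/content hunk; `isMsgEmailScam` itself starts and ends outside both hunks.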
@@ -63,19 +63,20 @@ function isMsgEmailScam(aUrl)
 // loop through all of the link nodes in the message's DOM, looking for phishing URLs...
 var msgDocument = document.getElementById('messagepane').contentDocument;
+ var index;
- // examine all anchor tags...
- var anchorNodes = msgDocument.getElementsByTagName("a");
- for (var index = 0; index < anchorNodes.length && !isEmailScam; index++)
- isEmailScam = isPhishingURL(anchorNodes[index], true);
+ // examine all links...
+ var linkNodes = msgDocument.links;
+ for (index = 0; index < linkNodes.length && !isEmailScam; index++)
+ isEmailScam = isPhishingURL(linkNodes[index], true);
 // if an e-mail contains a non-addressbook form element, then assume the message is
 // a phishing attack. Legitimate sites should not be using forms inside of e-mail
 if (!isEmailScam)
 {
 var forms = msgDocument.getElementsByTagName("form");
- for (var i = 0; i < forms.length && !isEmailScam; i++)
- isEmailScam = forms[i].action.search("addbook") != 0;
+ for (index = 0; index < forms.length && !isEmailScam; index++)
+ isEmailScam = !/^addbook:/.test(forms[index].action);
 }
 // we'll add more checks here as our detector matures....
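Review bot: The form loop's exemption is now anchored on the `addbook:` scheme (`!/^addbook:/.test(forms[index].action)`), but the comment above it still only says "non-addressbook form element" and does not state what qualifies. A one-line comment such as `// only forms whose action uses the internal addbook: scheme are exempt; anything else marks the message as a scam` would make the rule auditable. The test is case-sensitive, and whether `action` comes back normalised is not visible here; a mismatch would only flag a legitimate address-book form, so the check fails closed, which is worth stating too. On style, this copy hoists `var index;` and reuses it for both loops while the mail/base copy keeps `for (var index = 0; ...)`, so the two files drift further apart; `isMsgEmailScam` begins and ends outside the hunk.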