-
Michael Gratton authored
This adds a check for malware spoofing of RFC 822 mailbox addresses such as those found in Mailsploit, and if found only displays the email address part and not the mailbox name part. Part 1 of Mailsploit mitigation. * src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Add new is_spoofed method to check if the mailbox address looks like it has been spoofed. Add is_distinct method to determine if the name and the label is the same. Do whitespace and non-printing character stripping when generating display versions of the mailbox address, rename methods to make it more obvious what they do and update call sites. Add unit tests to cover all this. * src/client/conversation-viewer/conversation-message.vala (ConversationMessage): Check name is distinct and is not valid before displaying it. Use new MailboxAddress methods for getting display versions of the address, to ensure we get the stripped versions of the addresses. * src/client/conversation-list/formatted-conversation-data.vala (ParticipantDisplay): Ensure full addresses are always HTML-markup escaped before displaying them as markup, to avoid dropping "<address>" values as invalid HTML. Always show the full address if an address is invalid. * src/engine/util/util-string.vala (reduce_whitespace): Strip not only whitespace but also non-printing characters. Add unit tests.
71e0e683