- Just an email address - should open a chat with abc@example.org
- email address with subject - should open a chat with abc@example.org and fill
testing mailto uris
; as we created the chat in the previous step, it should not askChat with …
but directly open the chat - email address with body - should open a chat with abc@example.org, draft
this is a test
- email address with subject and body - should open a chat with abc@example.org, draft
testing mailto uris
this is a test
- HTML encoding - should open a chat with info@example.org
- more HTML encoding - should open a chat with simplebot@example.org, dra
For each problem, I listed one or multiple possible solution(s), and sometimes I added in brackets where I got the idea from, e.g. "(Signal)".
-
Possible attack: Change the display name to "Bob ✅" to make Alice think that this account is verified.
- Solution: Forbid some characters in display names and groups, e.g. ✅, ✔️, ☑️, 🔒, 🔓, 🔓, 🔏, 🛡️, 🔑, 🗝️, ⚿, 🔐, ㊙️, ㊙ (japanese for 'secret'), 🟢, 🔵, 🟩, 🟦, 🔷, 🔹, 🛡, ✓, ✔, ☑, 🮱, 🗸, 🗹, 🗝, ⚿
-
People don't know what verified groups are
-
There once was the idea of renaming them to "protected" groups (see "History" below), but it was not sure whether this improves things