Can anyone point me to a reference document describing what the
"data-saferedirecturl" attribute on an <a> tag is supposed to be useful
for, and for bonus points any hints why it can't be trivially and
horribly abused by scammers?
Most of the search results I've turned up reference URL-munging observed
inside GMail, but clearly this is some broader HTML attribute or it
wouldn't be supported by mail clients.
As best I can tell it's a way to work around hiding the actual link
target address without using Javascript, and getting a bonus
tell-Google-where-you're-going if you click the link. The majority of
these I've come across bounce the link through Google Search because
Reasons, although some seem to be keen on abusing some other Google
redirector.
Unfortunately I'm also seeing these in legitimate mail, and the rule I
added locally a couple weeks ago for a subset of variations has
triggered a handful of FPs.
-kgd
"data-saferedirecturl" attribute on an <a> tag is supposed to be useful
for, and for bonus points any hints why it can't be trivially and
horribly abused by scammers?
Most of the search results I've turned up reference URL-munging observed
inside GMail, but clearly this is some broader HTML attribute or it
wouldn't be supported by mail clients.
As best I can tell it's a way to work around hiding the actual link
target address without using Javascript, and getting a bonus
tell-Google-where-you're-going if you click the link. The majority of
these I've come across bounce the link through Google Search because
Reasons, although some seem to be keen on abusing some other Google
redirector.
Unfortunately I'm also seeing these in legitimate mail, and the rule I
added locally a couple weeks ago for a subset of variations has
triggered a handful of FPs.
-kgd