URL zimlet in plaintext?

[Baylink]

As I read my mailing list mail in forced plaintext mode, occasionally, I'll mouse over a URL someone's typed into a message in plaintext.

And a popup will come up telling me the URL, which I already know.

I assume that's the URL Zimlet; can't it be modified to notice that the message window is in plaintext, and realize that there's no way to Phish there and that its services are not needed?

[dijichi2]

sounds like a good idea! these sorts of things should be filed as an rfe in bugzilla.

[Baylink]

Ah, yes... the long-standing "what's a bug, and what's a feature" discussion. :-)

If that's what the URL Zimlet was designed to do: assist in avoiding phishing attacks, then I think a fairly good case can be made that that is *not* an RFE: it's doing something it doesn't need to do: text messages can't phish, since they can't hide "real" URLs under links -- any links in the message were created by the MUA -- and indeed, probably by the URL zimlet -- in the first place.

[tdesorbaix]

As far as I know, the zimlet url is not designed to assist in avoiding phishing attacks.
It is only designed to detect links and allow you to click on it.
It can also show you a thumbnail in the tooltip if you activate it in the config_template.xml
If the preview thumbnail is disabled, then it will be replaced by a "URL: the url"

If you don't want to have any tooltip on url, edit the following in the zimlet :
-In the com_zimbra_url.zip, edit the url.js file
-replace the following :

Code:

Com_Zimbra_Url.prototype.toolTipPoppedUp =
function(spanElement, obj, context, canvas) {
	var url = obj;
	if (/^\s*true\s*$/i.test(this.getConfig("stripUrls"))) {
		url = url.replace(/[?#].*$/, "");
	}
	
	if(this._disablePreview){
		this._showUrlThumbnail(url,canvas);
	} else if (this._alexaId) {
		this._showAlexaThumbnail(url, canvas);
	} else {
		// Pre-load placeholder image
		(new Image()).src = this.getResource('blank_pixel.gif');
		this._showFreeThumbnail(url, canvas);
	}
};

by :

Code:

Com_Zimbra_Url.prototype.toolTipPoppedUp =
function(spanElement, obj, context, canvas) {
};

-Deploy your modified zimlet

[Baylink]

I was pretty clear, I thought.

I don't want to see a tooltip if I am in plaintext mode -- since it's not really useful.

I'm sure that it *is* useful -- and in fact for helping spot phishes -- if one is viewing HTML, and I wouldn't want to break it for that.

[dijichi2]

you're assuming it's just there for phising attacks - it's not, it's also there for convenience like many other zimlets. some people find it very useful for turning URLs in text messages into clickable links. some find it annoying and disable the zimlet (me!).

it's not a bug, just clearly it doesn't work precisely how you like it. as usual, fix it yourself or log a bug/rfe.

[Baylink]

Ok, yeah; I see what you mean. If you like those silly popups -- and like you, I don't -- then it would be useful even in text mode.

I do want to make a point, here, though.

"Fix it yourself" is probably practical in the context of a Zimlet.

But I don't think it's necessarily a reasonable response to, well, to things like this bug, for example. Getting to the point where one is practically capable of just off-hand fixing that, if one decides it's actually broken, entails getting married to an *enormous* code base, in at least 2 and maybe 3 different languages, with a truly amazing amount of scaffolding to hold them together; I think it's actually worse than trying to make a small change in Firefox.

Unless you're the guy who *wrote* it, in which case a) it's more like "Oh yeah: that's *here*. Zzzzap! Ok, what's next?" and b) that's part of what we're paying for. I'm a designer by vocation; figuring out what things could be done better for users and how -- and telling coders -- is what I've gotten paid for for over 20 years; it's a reflex. I know it offends open source coders, but there's not much I can do about it.

And both of those reasons are why I feel that it's a bit disingenous to dismiss such things with "we look forward to your patch", in this environment. :-)