HTML URLs are not enabled

[kiddo]

See attached files: most of my contacts don't run gajim and send me URLs that are not "enabled" by gajim (can't click on them). I was told this was because they are HTML urls (based on what we saw in the sample XML outputs), and can be security risks. For example, someone could do <a href="http://www.microsoft.com">www.gajim.org</a>.

I think it would be better to work around the problem than penalize users that receive html messages (I don't really think Gaim, Pandion, etc will fix their code before the next century).

Here are some possible solutions I thought out:

Slashdot-style: display the "real" URL besides the text

Replacement: replace the URL text by the real URL

Warning: when the user clicks the URL, *IF the real URL and the shown text do not match*, show a dialog warning him/her that the URL might be an attempt to lure him/her, and show the "real" URL. "We cannot be held responsible if suddenly thousands of catgirls fall on you from the sky".

In any case: copy-pasting URLs into a browser manually really sucks, especially since gajim selects the text that follows (and people often paste URLs then add comments 5 seconds later)

[nk]

I vote for Slashdot-style: display the "real" URL besides the text

[patrys]

But only if it differs from the actual link text.

[kiddo]

uh.. ping? (still running gajim SVN, this thing is annoying me daily). I tried grepping the code for "url", I guess it must be in conversation_textview.py, but I don't understand the stuff in there.

[kiddo]

a homemade patch that fixes the problem for URLs coming from gaim, what do you think?

[asterix]

(In [7567]) [kiddo] fix wrong gaim xhtml HREF tag. fixes #2644