Bug 382855: plain text RFC2396E IP urls marked as scam, also don't mark

links to 127.x.x.x as scam
r=philringnalda

mail/base/content/phishingDetector.js

@@ -151,7 +151,11 @@ var gPhishingDetector = {
       unobscuredHostName.value = hrefURL.host;
 
       // The link is not suspicious if the visible text is the same as the URL,
-      // even if the URL is an IP address.
+      // even if the URL is an IP address. URLs are commonly surrounded by
+      // < > or "" (RFC2396E) - so strip those from the link text before comparing.
+      if (aLinkText)
+        aLinkText = aLinkText.replace(/^<(.+)>$|^"(.+)"$/, "$1$2");
+
       var failsStaticTests = (aLinkText != aUrl) &&
          ((this.mCheckForIPAddresses && this.hostNameIsIPAddress(hrefURL.host, unobscuredHostName) &&
            !this.isLocalIPAddress(unobscuredHostName)) ||
@@ -320,6 +324,7 @@ var gPhishingDetector = {
     var ipComponents = unobscuredHostName.value.split(".");
 
     return ipComponents[0] == 10 ||
+           ipComponents[0] == 127 || // loopback address
            (ipComponents[0] == 192 && ipComponents[1] == 168) ||
            (ipComponents[0] == 169 && ipComponents[1] == 254) ||
            (ipComponents[0] == 172 && ipComponents[1] >= 16 && ipComponents[1] < 32);