问题
I've searched the web on this and I can find two solutions:
- Use a URL-shortner.
- Use brackets
<>to allow insertion of whitespace. This only applies to plain-text emails.
I'm sending HTML emails that contains sensitive information, like password recovery links and auto-authentication links. These secure links are, by their nature, quite long. Easily longer than 70 characters or whatever arbitrary limit is imposed on e-mail bodies.
Obviously I can't use any form of URL-shortning because it would circumvent any secure cryptography technique I've used for the links.
I suppose the largest issue is that the links aren't wrapped nicely by email clients. The nice word-wrapping is supported in CSS3 technique, so there is no way MS Outlook will ever support this.
How do I make it so the links are not visually disruptive and possibly easy to copy-paste in case of email client malfunction?
Example
If the link doesn't seem to work, try copy-pasting it to your browser: hxxp://development/#auth/YoxOntz0Oj0ExOiJfcmFuG9tbmVzcyI7czoxOTI6kJsYkV0qMGMuZ1pFZVQ5YkRQNDZPR200Unl60dGlpNlhZZC9QcEVeH0lvV2NVVlpWWFcwWlF0VjRyc0p4akYzclJ0GTkJmSlgxco0aEtDS0FuTlBVSXAxUVhCcGdRNGpHMVl5UGZMRFVacDVSQ1BqcU0tKYlNxZ0FqYXpjTkNqTS9LV29xSk4ydGtyeFpNdV0c2VLMERUbEYwc08xUWU5aXR0GOXl0bVFpcjlXeGZjUE100S0o1L1FcmQ4MmhOdm5LUSI7fQ
Additional notes:
I do not want my links to expire. If I want them to expire at all I'd have a time frame of months, not hours. These links are not just password recovery links.
回答1:
Have you tried the Microsoft proprietary word-break:break-all; ?
<td style=“word-break:break-all;”>
This worked best for me (best compatibility across vendors):
<p style="word-break:break-all;">
<font style="word-break:break-all;">hxxp://really_long_link</font>
</p>
Tested on: MS Office 2007/2010, outlook.com, hotmail.com, gmail.com, yahoo.com (yahoo did not display nicely)
While this was edited to include <p>...</p> I would highly discourage the use of paragraph tags in HTML email if spacing is impotant since email clients interpret these differently.
回答2:
In Html emails - use html
If you are sending html emails, what's wrong with:
... <a href="long url">reset your password</a> ...
If the links are getting mangled when you send html emails - the problem is how you're sending emails, not the recipient's email client.
Use a shorter hash
Is a super long hash (is it a hash, or is it encrypted?) really necessary? Using any hash that is long enough to not be brute-forced before it expires aught to be sufficient. Asking users to copy and paste a string that is obviously going to wrap isn't going to help the user, it's just pushing a development problem onto the user.
回答3:
I think a UUID of the form c909aa38-d041-11e1-979c-00247ee09c09 should be more than enough, to make brute-forcing or guesswork impossible.
A UUID needs 36 characters if displayed in a readable form (16 Bytes of information), that should be no problem for e-mail clients. It can be written even more compact, if you use case sensitive characters. It is important that the GUID's are not generated guessable (no increasing number for example). To be on the safe side, you can read from /dev/urandom.
number of possible characters: 0-9, a-z, A-Z = 10 + 26 + 26 = 62
possible combinations: 62 ^ 36 = 3.358e+64
If you have a lot of information related to this URL, you can store the information on the server in a database, and use the GUID as the key to get this information.
Still concerned? If you store the UUID with a slow hash like Bcrypt in the database (like a password), then it becomes easier to brute force for the actual password, than for this UUID.
来源:https://stackoverflow.com/questions/12385891/how-to-deal-with-long-links-in-html-emails