Re: What's with the Rx symbol?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 1:38 PM +0200 8/30/08, Per Jessen wrote:
Interesting - I copy-pasted the Rx symbol (from your webpage) into FF
and appended .com - and FF converted the URL symbol to "xn--u2g.com".

I guess FF only works with a limited subset of the many possible special
characters.

What is happening there is FF and other browsers are afraid of homographic attacks.

A homographic attack is simply where the URL in the browser *looks* like another, but is not.

For example, early on in this "How do we solve the 7-bit problem?" with the net, it was brought up that there are many code points in the Unicode database that look exactly the same as others.

One individual (I can't remember his name at the moment) took the liberty of registering a domain name (i.e., PayPal.com) that use an "a" from different charset than English.

While there was no intent to defraud anyone, PayPal wasn't amused and legislation followed -- the specifics of which I have no information.

But the entire process demonstrated that evil-doers could register domains that look like other domains and thus fool people.

What some browser developers did was to NOT make the conversion from PUNYCODE to the correct code-points but rather show the PUNYCODE "as-is", which was never the intent of the IDNS WG. This act defeated the entire process of allowing non-English people to have non-English domain names. This like throwing the baby out with the bath water.

I claim that the process can be solved differently and more effectively. All browser developers have to do is to evaluate the PUNYCODE string and if it's made up from a collection of different charsets, then just color it.

I think making the URL RED would be a better warning than showing PUNYCODE -- but that's my opinion.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux