On Sat, Aug 30, 2008 at 11:38 AM, tedd <tedd.sperling@xxxxxxxxx> wrote: > At 1:38 PM +0200 8/30/08, Per Jessen wrote: >> >> Interesting - I copy-pasted the Rx symbol (from your webpage) into FF >> and appended .com - and FF converted the URL symbol to "xn--u2g.com". >> >> I guess FF only works with a limited subset of the many possible special >> characters. > > What is happening there is FF and other browsers are afraid of homographic > attacks. > > A homographic attack is simply where the URL in the browser *looks* like > another, but is not. > > For example, early on in this "How do we solve the 7-bit problem?" with the > net, it was brought up that there are many code points in the Unicode > database that look exactly the same as others. > > One individual (I can't remember his name at the moment) took the liberty of > registering a domain name (i.e., PayPal.com) that use an "a" from different > charset than English. > > While there was no intent to defraud anyone, PayPal wasn't amused and > legislation followed -- the specifics of which I have no information. > > But the entire process demonstrated that evil-doers could register domains > that look like other domains and thus fool people. > > What some browser developers did was to NOT make the conversion from > PUNYCODE to the correct code-points but rather show the PUNYCODE "as-is", > which was never the intent of the IDNS WG. This act defeated the entire > process of allowing non-English people to have non-English domain names. > This like throwing the baby out with the bath water. > > I claim that the process can be solved differently and more effectively. All > browser developers have to do is to evaluate the PUNYCODE string and if it's > made up from a collection of different charsets, then just color it. > > I think making the URL RED would be a better warning than showing PUNYCODE > -- but that's my opinion. > > Cheers, > > tedd Wait a minute - you're going to rail on for ever on another thread about web in-accessibility with CAPTCHA and then you're going to propose something that relies on color coding for something that important? What about all those with red/green color blindness? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
