Re: For review: IDNs, do they work

Hi Richard,

I've done some tests (see the attached file)

Safari 2.0.1:
          * Supports IDN.
          * Uses a whitelist of scripts for domaine names to be 
displayed natively. By default, Latin lookalike scripts (Cherokee, 
Cyrillic, and Greek) are excluded from this list.
          * Otherwise, domain names using characters from scripts not in 
the whitelist, are displayed in punycode. As an example, in pаypal.com 
if the first a is  the Cyrillic letter "а", then it would be displayed 
as xn--pypal-4ve.com.
          * The whitelist is initialized with (Arabic, Armenian, 
Bopomofo, Canadian_Aboriginal, Devanagari, Deseret, Gujarati, Gurmukhi, 
Hangul, Han, Hebrew, Hiragana, Katakana_Or_Hiragana, Katakana, Latin, 
Tamil, Thai, Yi )
          * Adding Cherokee, Cyrillic, and Greek will enable Safari to 
display all scripts, and will expose you to known IDN vulnerabilities.  
          * If whitelist of  scripts is empty, all non-ASCII characters 
will be displayed in their Punycode equivalents.
          * This list is user editable at: 
/System/Library/Frameworks/WebKit.framework/Versions/A/Resources/IDNScriptWhiteList.txt
          * @@...
          * see http://docs.info.apple.com/article.html?artnum=301116

Note: In Safari to type (or copy/paste) a URI in the address zone is not 
like to click on a link. For example, clicking on a cyrillic link cause 
it to display fine, while entering  the link directly cause it to 
display in punycode. So it's important to enforce the rule of using 
native text for link, but punycode for href attribute.

Regards,

Najib

Najib Tounsi wrote:
>

>  Richard Ishida wrote:

> >

> > Does anyone have access to a Mac to test Safari on the links
in the

> > table?

> >

>  Hi Richard & all,

>

>  I have a Mac with Safari and Camino. I can do some tests. Najib

> >

-- 
Najib TOUNSI (mailto:tounsi @ emi.ac.ma)
Ecole Mohammadia d'Ingenieurs, BP 765 Agdal-RABAT Maroc (Morocco)
Phone : +212 (0) 37 68 71 50 (P1711)  Fax : +212 (0) 37 77 88 53
Mobile: +212 (0) 61 22 00 30

Received on Wednesday, 14 February 2007 14:01:35 UTC