Re: agenda+ UTS55, UAX31 and URLPattern (FW: [whatwg/urlpattern] Consider fully supporting RTL and Bidi URLs (#43)) from Anne van Kesteren on 2024-03-21 (public-i18n-core@w3.org from January to March 2024)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 21 Mar 2024 11:56:39 +0100
To: Addison Phillips <addisoni18n@gmail.com>
Cc: public-i18n-core@w3.org
Message-ID: <CADnb78jU6seWfTsPD6j26HOKvXg4Ny7XxKYfCS5ABNCkJvYMAQ@mail.gmail.com>

On Thu, Mar 21, 2024 at 1:01 AM Addison Phillips <addisoni18n@gmail.com> wrote:
> I think my reply to “what did you have in mind” would be to point out that “users” of urlpattern are authors of urlpatterns, not end-users of the resulting URLs and these users need protection from bidi spoofing/reordering problems. However, specific recommendations need to be approached carefully. It’s worth discussing and maybe looping in Robin Leroy and Mark Davis to explain the Unicode stuff.

How is it materially different from equivalent attacks on CSS, HTML,
or JavaScript? If it's not, I'd argue that this is not the place to
tackle this issue.

Received on Thursday, 21 March 2024 10:57:02 UTC