RE: agenda+ UTS55, UAX31 and URLPattern (FW: [whatwg/urlpattern] Consider fully supporting RTL and Bidi URLs (#43))

Hi Anne,

To be completely honest, I don't know. 

UTS55 is pretty new and this might be a good test case. I'm not sure that I understand the guidance in it fully (hence the suggestion that we might want someone to explain it). 

One possibility is that there are straightforward changes that could be added to URLPattern (or other languages--particularly new ones) that would both avoid spoofing and (probably more importantly) assist RTL language users. For example, URLPattern might allow the isolate controls to be used (without them being considered part of the identifier _or_ the resultant URL) so that patterns display more correctly.

Failing that, there might be judicious places in the spec where notes to tool implementers and pattern authors would help them create a better user experience for bidi users, which might accomplish the same things as above.

Addison

-----Original Message-----
From: Anne van Kesteren <annevk@annevk.nl> 
Sent: Thursday, March 21, 2024 3:57 AM
To: Addison Phillips <addisoni18n@gmail.com>
Cc: public-i18n-core@w3.org
Subject: Re: agenda+ UTS55, UAX31 and URLPattern (FW: [whatwg/urlpattern] Consider fully supporting RTL and Bidi URLs (#43))

On Thu, Mar 21, 2024 at 1:01 AM Addison Phillips <addisoni18n@gmail.com> wrote:
> I think my reply to “what did you have in mind” would be to point out that “users” of urlpattern are authors of urlpatterns, not end-users of the resulting URLs and these users need protection from bidi spoofing/reordering problems. However, specific recommendations need to be approached carefully. It’s worth discussing and maybe looping in Robin Leroy and Mark Davis to explain the Unicode stuff.

How is it materially different from equivalent attacks on CSS, HTML, or JavaScript? If it's not, I'd argue that this is not the place to tackle this issue.

Received on Thursday, 21 March 2024 13:49:27 UTC
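
An added illustration, not part of the thread and not URLPattern behaviour: a sketch of the possibility raised in the reply, where balanced isolate controls are treated as display-only and dropped before a pattern is parsed, while other bidi formatting characters are reported to the pattern author. The function name `audit_pattern`, the policy it applies, and the sample patterns are assumptions made for this example.

```python
import unicodedata

# Bidi formatting characters defined by the Unicode Bidirectional Algorithm (UAX #9).
ISOLATE_OPEN = {"\u2066", "\u2067", "\u2068"}            # LRI, RLI, FSI
ISOLATE_CLOSE = "\u2069"                                  # PDI
OTHER_CONTROLS = {"\u202A", "\u202B", "\u202C", "\u202D", "\u202E",  # LRE RLE PDF LRO RLO
                  "\u200E", "\u200F", "\u061C"}           # LRM, RLM, ALM


def audit_pattern(pattern):
    """Return (stripped, findings) for a pattern string.

    Hypothetical policy: properly paired isolates are display aids and are
    removed from the returned string; unpaired isolates and every other bidi
    control are removed as well but recorded as (index, message) findings,
    so a tool can reject the pattern or warn its author.
    """
    stripped, findings, open_isolates = [], [], []
    for i, ch in enumerate(pattern):
        if ch in ISOLATE_OPEN:
            open_isolates.append(i)
        elif ch == ISOLATE_CLOSE:
            if open_isolates:
                open_isolates.pop()
            else:
                findings.append((i, "PDI without opening isolate"))
        elif ch in OTHER_CONTROLS:
            findings.append((i, "disallowed " + unicodedata.name(ch)))
        else:
            stripped.append(ch)
    for i in open_isolates:
        findings.append((i, "unclosed " + unicodedata.name(pattern[i])))
    return "".join(stripped), findings


if __name__ == "__main__":
    # Constructed sample patterns, not taken from the thread.
    samples = [
        "/\u2067\u05e9\u05dc\u05d5\u05dd\u2069/:id",   # RLI ... PDI around a Hebrew segment
        "/files/\u202etxt.exe",                         # RLO reorders the displayed text
        "/\u2066abc",                                   # isolate never closed
    ]
    for s in samples:
        print(audit_pattern(s))
```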