- From: Eduardo Vela <sirdarckcat@gmail.com>
- Date: Fri, 4 Dec 2009 22:21:10 +0800
- To: public-web-security@w3.org
Received on Saturday, 5 December 2009 14:29:19 UTC
I think the wiki should include examples, and I think the security community will be happy to provide them. If no one opposes that, I'll start doing so when I find time.

Regarding UI issues, maybe covering LTR/RTL chars in browsers' dialog boxes would be wise in the Spoofing section. Stuff like:

"The website [URL] wants to be your default homepage, ok? [OK]"

with this input:

"http://sirdarckcat.net/?x=[RTL]x?detacsufbo/moc.elgoog.www//:ptth"

will be shown in some browsers' dialogs as:

The website wants to show you some cool stuff! check it out: http://www.google.com/obfuscated?x?ko ,egapemoh tluafed rouy eb ot stanw=x?/net.tackcradris//:ptth

Some rather popular browser has an issue like this.. and they ain't fixing it.

Greetings!!

-- Eduardo
http://www.sirdarckcat.net/

Sent from Hangzhou, 33, China
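
An added example (not part of the original message): one way a dialog could neutralise the bidirectional control characters described above before showing a URL. It assumes `[RTL]` stands for U+202E (RIGHT-TO-LEFT OVERRIDE); the function names and the sample constant are hypothetical.

```javascript
// Added example: neutralise bidi control characters before a URL is
// interpolated into dialog text. All names here are hypothetical.

// Unicode bidi formatting characters: ALM, LRM/RLM,
// LRE/RLE/PDF/LRO/RLO, and the isolates LRI/RLI/FSI/PDI.
const BIDI_CONTROLS = /[\u061C\u200E\u200F\u202A-\u202E\u2066-\u2069]/g;

// Report every bidi control in `text` with its position and code point,
// so a caller can log or reject the input.
function findBidiControls(text) {
  const hits = [];
  for (const m of text.matchAll(BIDI_CONTROLS)) {
    const hex = m[0].codePointAt(0).toString(16).toUpperCase();
    hits.push({ index: m.index, codePoint: 'U+' + hex.padStart(4, '0') });
  }
  return hits;
}

// Percent-encode each bidi control (as UTF-8) so it is rendered as
// inert, visible text instead of reordering the characters after it.
function escapeBidiControls(text) {
  return text.replace(BIDI_CONTROLS, (ch) => encodeURIComponent(ch));
}

// Build the dialog text from the message: escape the URL, then wrap it
// in LRI ... PDI so it is laid out left-to-right and cannot affect the
// ordering of the surrounding sentence.
function buildPrompt(url) {
  const LRI = '\u2066';
  const PDI = '\u2069';
  return 'The website ' + LRI + escapeBidiControls(url) + PDI +
    ' wants to be your default homepage, ok?';
}

// Constructed sample: the input from the message, with [RTL] assumed
// to be U+202E.
const SAMPLE_URL =
  'http://sirdarckcat.net/?x=\u202Ex?detacsufbo/moc.elgoog.www//:ptth';

console.log(findBidiControls(SAMPLE_URL));
console.log(buildPrompt(SAMPLE_URL));
```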