- From: Gijs <notifications@github.com>
- Date: Mon, 25 Mar 2019 03:11:13 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 25 March 2019 10:11:35 UTC
gijsk commented on this pull request. > + <p class="note no-backref">Note that non-ASCII characters can be used in <a + href="http://unicode.org/faq/idn.html#26">homograph</a> spoofing attacks. Consider detecting <a + href="http://www.unicode.org/reports/tr39/#Confusable_Detection">confusable characters</a> or Should this be "and" rather than "or"? Just 'detecting' confusables does not imply anything about how that would affect the rendering of the URL. Chrome shows punycode in some of the cases where confusables show up, which arguably is also not really a "warning". Maybe "... and altering the URL rendering to avoid user confusion." ? (To be clear, I don't want perfect to be the enemy of good here, or overly focus on the IDN issues, so just noting this problem and a loosely phrased suggestion seems fine, certainly as a first step.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/434#pullrequestreview-218238187
Received on Monday, 25 March 2019 10:11:35 UTC