Re: [whatwg/url] Initialize the IgnoreInvalidPunycode flag when calling UTS 46 (Issue #821) from Anne van Kesteren on 2024-11-29 (public-webapps-github@w3.org from November 2024)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 29 Nov 2024 03:20:36 -0800
To: whatwg/url <url@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/url/issues/821/2507610106@github.com>

Valid to invalid is indeed concerning, but given how UTS46 was created to counterbalance IDNA2008 which did exactly that I'm not too worried about that happening. There are a couple of cases we still need to iron out around IDNA, but the relationship with UTS46 has been good and productive.

If there is some point where it becomes problematic we can always take stock then and determine appropriate next steps, including folding the algorithms that worked for us in directly.

And the validation in UTS46 is not really concerned with confusables. It's much lower-level. When to display Unicode to the end user is still mostly handled by proprietary algorithms, but I'm also rather suspect of that whole approach as you can have confusables within ASCII as well. Properly addressing phishing has to be done differently.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/821#issuecomment-2507610106
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/url/issues/821/2507610106@github.com>

Received on Friday, 29 November 2024 11:20:40 UTC