- From: Mike West <mkwst@google.com>
- Date: Mon, 9 Feb 2015 12:45:07 +0100
- To: Brian Smith <brian@briansmith.org>, Anne van Kesteren <annevk@annevk.nl>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
- Message-ID: <CAKXHy=cqao0J9D=enkVPYy-LiyqZf89K9kQeW_6ObTEDv1wT1g@mail.gmail.com>
On Mon, Feb 9, 2015 at 12:42 PM, Brian Smith <brian@briansmith.org> wrote: > >> 2. As I mentioned previously, I think it is really unfortunate that > >> CSP2 isn't properly Unicode-enabled. I know that nobody is > >> intentionally trying to discriminate against any group of people, but > >> IMO this incidental discrimination shouldn't be accepted either. I > >> think this issue deserves the same level of consideration as > >> accessibility for people with visual impairments. (Note I'm not trying > >> to diminish the importance of accessibility work.) > > > > To be sure I understand what needs to be done here, you'd like us to: > > > > * Remove the recommendation to use punycode (what should we do with > > punycode? should it match its unicode equiv?) > > In the ASCII encoding of an internationalized URL, two different > encoding mechanisms are used: punycode for domain labels, and > URL-escaped UTF-8 (IIRC) for everything else. So, it isn't just an > issue with punycode. > > Yes, a URL should be considered equal to its ASCII-ified (IRI-to-URI) > equivalent. So, for example, > > > * Allow unicode characters as part of the grammar > > > * Recommend that folks %-encode unicode characters when delivered as an > HTTP > > header > > Not just %-encoded, but convert the IRI to a URI. In particular, > punycode should be used for the domain labels in the authority, and > the path and query string should be converted to UTF-8 and then > normalized and URL-encoded. > > It would be worth verifying with Anne about whether this is exactly > correct. I'm assuming that the URL Standard has the capability of > taking an URL Standard URL (which are internationalized) and > converting it into an on-the-wire ASCII encoding that is like an > IETF-specified URI. > Anne? :) -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Monday, 9 February 2015 11:45:55 UTC