- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 10 Sep 2013 20:40:36 +0000 (UTC)
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: whatwg <whatwg@lists.whatwg.org>, Adam Barth <w3c@adambarth.com>
On Tue, 10 Sep 2013, Boris Zbarsky wrote: > On 9/10/13 3:54 PM, Ian Hickson wrote: > > > > > [some sites compare values that are always-punycoded domains with > > > values that can be full Unicode for security checks] > > > > Well, then they'll be broken, I guess. (They'll break safe, though.) > > Well, the outcome is "user can't use site". (Which they care more about > than whether the site is safe or not, too, though the safety bit is not > relevant to the discussion per se.) Do you have a concrete example I can look at here? I agree we should make this interoperable. > > It might be, depends on what the URL is. > > Basically, if we want interop on this stuff we need to define which > things get punycoded where and which things are stored as ACE instead > and whatnot. :( Agreed. I think we have (if it doesn't say to punycode, don't punycode; nothing ever unpunycodes). The current definitions might not be always what we want, but I think to the extent that they are not, we need to study concrete examples to see what we should do. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 10 September 2013 20:41:00 UTC