Leaving out scripts (Re: Unicode versions (Re: Criteria
for exceptional characters))
Gervase Markham
gerv at mozilla.org
Thu Dec 21 17:02:43 CET 2006
Erik van der Poel wrote:
> Firefox currently allows any scripts to be mixed in lower level labels
> when the TLD is in the white list. It's great that you block certain
> dangerous characters like the math slash look-alikes. But maybe
> someone will eventually figure out how to create a tricky URL that
> takes advantage of script mixing in lower level labels in Firefox in
> countries where Firefox enjoys a significant market share.
If they do, we would block the separator-like characters that they used
to achieve it, and push the change just like any other security update.
If you know of characters we should be blocking that we aren't, let us know.
> Firefox's
> leaders trust the TLDs on the white list, but can you trust all the
> individuals and organizations that register domains in those TLDs?
We absolutely don't trust those organisations. And we don't need to.
Gerv
More information about the Idna-update
mailing list