Would it be helpful to use some form of syntax highlighting, so at least
the more critical user can see which characters are URI component
separators/delimiters? This wouldn't prevent attacks that mimic domain
names using I18N characters (e.g., Johansen's pаypal.com), but can
be a non-intrusive UI change that is useful for detecting attacks that
mimic URI component separators.
Mike
Boris Zbarsky wrote:
Jan Schejbal wrote:
Of course this is not possible for some users, but most average users
(US/UK/DE) should not need IDN.
While true, that just pushes the issue off on our Chinese, Japanes, etc
users, who DO need IDN. IDN domain names are very commonly used there.
-Boris
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
