----- Original Message ----- From: "Martin v. L�wis" <[EMAIL PROTECTED]> > In fact, MSIE 6 does process URLs with non-ASCII characters - even > though not in the suggested way (but instead, apparently by sending > UTF-8 directly to the wire). Changing it to perform IDNA on the > host part (and leaving everything else as-is) would not make it less > standards-conforming, and give users added value. That makes sense and works in many cases,as cab be seen in some plugin approaches. But, in some cases , it is obvious that it will cause security/architectural problems..
<a href=www.xn--blahblah.com> is ugly and won't be acceptable to MS Windows folks. That is why MS waits for full IRI spec for HTML, i guess. Thinking that Content/Javascript/Java/Cookie security models heavily depends on text represenatations of hostname and file path parts of URL(then IRI), MS's current conservative postitions may be justified for security reasons. Still i don't have full information about how Mozilla implementations of IDNA had addressed this security issues clearly. Soobok Lee
