For those who do not have a webserver: plz copy this url into your MSIE
addressbar .
javascript:void(window.open(unescape("http://www.microsoft.com%u2044%u1160%u1160.uni.cc/";),"_self"))
You will see an error page if you have recent MSIE patch.
Soobok
Soobok Lee wrote:
> You can paste this html/javascript codelet to an html file in your
> webserver and see in your MSIE brower.
> You will see "www.microsoft.com" isolated in the addressbar from the
> "mozilla.org" domain suffix.
> Fortunately, you will see blank space (no phishing page) if you have
> recent IE patch.
> This won't work in firefox 1.x which strips off those special chars
> for unknow reasons before sending to
> the address bar.
>
> <script>
> window.open(unescape("http://www.microsoft.com%u1160%u1160%u1160%u1160%u1160%u1160.mozilla.org/";),"_blank");
>
> </script>
>
> U+1160 is a space-like char and even stringprep/nameprep does not
> filter it out because
> the char is not for punctuational purpose.
> U+1160 is just one example, and i guess there may be many alternatives
> that can be
> used as blank char alternatives.
>
> U+1160 in the above example is placed in the 3rd level domain name label,
> over which .org registry cannot impose any regulations.
>
> Soobok Lee
