On 06/05/10 21:27, Zaid Ali wrote:
I agree Safari experience looks much nicer and yes whole host of potential
malice to arise. Firefox shows punycode
http://xn--4gbrim.xn----rmckbbajlc6dj7bxne2c.xn--wgbh1c/ar/default.aspx
Now if I understood arabic only and was travelling or happen to use Firefox
which showed punycode how would I trust it? If it was directly translated to
latin characters I could trust it with verification from someone I know who
understands english. I would not trust puny code because an end user does
not know what it means, I think there is potential for a lot of issues here.
Zaid
This is indeed a security issue, and the behaviour in Firefox is
currently that way by design.
To fix it, the .eg / .xn--4gbrim TLD registrar needs to contact the
Mozilla Foundation in order to inform the Foundation of their official
IDN name allocation policy, so that the native-script URL display can
then be switched on for their domain.
See https://bugzilla.mozilla.org/show_bug.cgi?id=564213 and
http://www.mozilla.org/projects/security/tld-idn-policy-list.html
-- Neil