Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-03-05 Thread Jonas Sicking
Gervase Markham wrote: On 28/02/09 00:32, Jonas Sicking wrote: It'd be good to have a separate pref, network.IDN.blacklist_chars_extra, where users can add additional characters without having to worry about not receiving updates to the list we maintain. If users have to add chars to this

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-03-02 Thread Gervase Markham
On 28/02/09 00:32, Jonas Sicking wrote: It'd be good to have a separate pref, network.IDN.blacklist_chars_extra, where users can add additional characters without having to worry about not receiving updates to the list we maintain. If users have to add chars to this list manually, that's

Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Jean-Marc Desperrier
Until a better solution is deployed, here is the work around to make Moxie Marlinspike's attack ineffective. - select and copy in your clipboard the character inside the below : ╱ This character looks similar to / but is not the same! This message is sent in unicode to allow for

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Eddy Nigg
On 02/27/2009 12:15 PM, Jean-Marc Desperrier: - Click to modify the network.IDN.blacklist_chars preference - Click inside the preference content and paste the character from your clipboard. Do not overwrite any of the characters already present! Very useful. Besides that the original site

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Jonas Sicking
Daniel Veditz wrote: Jean-Marc Desperrier wrote: Until a better solution is deployed, here is the work around to make Moxie Marlinspike's attack ineffective. Note that the better fix will be a default change for this very pref, and any user-modified value will continue to take precedence.

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Jan Schejbal
Hi, while the presented fake slash seems the best way to obviously scream THIS IS AN ATTACK, the fake question mark made me try to wipe some dirt from the screen until realizing that it is part of the character. I think I have found a way better workaround that will not be circumvented once

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Boris Zbarsky
Jan Schejbal wrote: Of course this is not possible for some users, but most average users (US/UK/DE) should not need IDN. While true, that just pushes the issue off on our Chinese, Japanese, etc users, who DO need IDN. IDN domain names are very commonly used there. -Boris

Re: Work-around for Moxie Marlinspike's Blackhat attack

2009-02-27 Thread Boris Zbarsky
Mike Ter Louw wrote: Would it be helpful to use some form of syntax highlighting It's been suggested in the past; you might want to read the relevant bugs... There were issues with performance, drag and drop handling, and so forth, because you have to dynamically switch between an editable