[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25600: 26.0.50; shr doesn't heed the IDNA non-obfuscation rules

From: Lars Ingebrigtsen
Subject: bug#25600: 26.0.50; shr doesn't heed the IDNA non-obfuscation rules
Date: Wed, 01 Feb 2017 16:03:32 +0100

If you view the following HTML, shr will (on mouseover etc) display the
domain as something that looks like "www.microsoft.com", when it's
really an IDNA domain with a cyrillic letter in the middle.

I thought eww/shr had fixed this everywhere, but apparently it's just in
the eww header line.  shr should also apply the same rules (for mixing
latin and non-latin characters) and display the link as
"www.xn--mirsft-yqfbx.com" or something.  Perhaps with a warning, even.


It doesn't 'disable' as such, but renders the 'punycode' in full, so a fake 'http://www.miсrоsоft.com' is rendered as instead 'http://www.xn--mirsft-yqfbx.com'.

For comparison, here's fake on top of real (not in monospace since it destroys the illusion):



In GNU Emacs (x86_64-unknown-linux-gnu, GTK+ Version 3.14.5)
 of 2017-01-30 built on stories
Repository revision: ab96c8509736a7ed622916ad2749ff356e520d02
Windowing system distributor 'The X.Org Foundation', version 11.0.11604000
System Description:     Debian GNU/Linux 8.6 (jessie)

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]