[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bidirectional text and URLs

From: Stephen J. Turnbull
Subject: Re: Bidirectional text and URLs
Date: Sun, 30 Nov 2014 22:42:18 +0900

Eli Zaretskii writes:

 > I agree, but the issue discussed here is different:

I have to disagree.  The issue is about *any* technology that can be
used to convince the user that one URL is being accessed when in fact
another one is.

Whether one should try to warn the user is a separate question, which
depends on the probabilities of legitimate vs. fraudulent displays,
and the cost of annoyance vs the *avoidable* cost to fraud victims.

Unfortunately, the HCI evidence suggests that few potential victims
listen to warnings (or even understand them), so you're probably right
that it's a bad idea to warn if RTL characters are present.

 > detecting only the enclosed-LTR case is better than nothing, I
 > think.


 > > and of course any jumble is possible as a domain or path component
 > > which is an abbreviation.  And any useful jumble can probably be
 > > registered as a domain, and certainly incorporated in a path.
 > I doubt that a domain like this could be registered, as using such
 > characters in a domain name is AFAIU against the regulations, see
 > RFC3987.

If you mean the controls, you're probably right, although RFC3987 has
been updated for international domain names.  I suppose those controls
are not permitted, though.

 > The easy cases with RTL text, as mentioned above, should be also
 > easily detectable, and I agree they should get the same treatment.

OK, good enough for me.

 > > "We need to decide what we want to do, and then look for a mechanism."
 > OK, let me rephrase: what effect will "turning off" have on
 > display?

Whatever the display would be in the absence of an attempt to detect
and warn about instances of possibly fraudulent use of directional

 > I very much hope we will find a sane middle ground, possibly subject
 > to user control.  I'd hate to see Emacs become another case of the TSA
 > disaster.

The best I've been able to come up with given the unfortunate conflict
between UAX#9 and the "normal" display of URLs as I understand it is a
one-off warning (or use of something like the novice mechanism so the
user can easily "turn it off" as defined above as soon as it becomes
annoying -- I expect your judgment to be that it would *always* be
annoying, just mentioning the possibility for completeness).

 > Someone(TM) should present a list of well-thought requirements, and we
 > can take it from there.

Unfortunately, besides LTR in RTL control, and RTL in LTR control, I
can't help, not being familiar with the expected display.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]