[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bidirectional text and URLs

From: chad
Subject: Re: Bidirectional text and URLs
Date: Sun, 30 Nov 2014 15:39:15 -0800

> On 30 Nov 2014, at 07:20, Eli Zaretskii <address@hidden> wrote:
> I'm sorry, but this is not instrumental: it doesn't specify what
> "misleading" means.  We need a detailed spec for that. 

Given things we're already identifying the URL in text, is it
possible/easy to check for a different directionality of any part
of a URL text (including the entire url) compared to the text (not
whitespace) before and after the URL?

In order to make phishing-style surprises work, the mal-ordered
text probably wants to have the left-side string "http[s]://" and
the right-side string "//:[s]ptth", right? That should be reasonably
easy to check, and would be a good heuristic.

I suppose there are non-HTTP schemes that might be troublesome also.
Some that come to mind are: ftp, file, imap, jabber, nntp, sip,
sips, and xmpp. I can't think of a way offhand to abuse mailto: or
about:, but I might just be missing it.

Hope that helps,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]