On 06/05/10 21:27, Zaid Ali wrote:
I agree Safari experience looks much nicer and yes whole host of potential malice to arise. Firefox shows punycode
http://xn--4gbrim.xn----rmckbbajlc6dj7bxne2c.xn--wgbh1c/ar/default.aspx
Now if I understood arabic only and was travelling or happen to use Firefox which showed punycode how would I trust it? If it was directly translated to latin characters I could trust it with verification from someone I know who understands english. I would not trust puny code because an end user does not know what it means, I think there is potential for a lot of issues here.
Zaid
This is indeed a security issue, and the behaviour in Firefox is currently that way by design. To fix it, the .eg / .xn--4gbrim TLD registrar needs to contact the Mozilla Foundation in order to inform the Foundation of their official IDN name allocation policy, so that the native-script URL display can then be switched on for their domain. See https://bugzilla.mozilla.org/show_bug.cgi?id=564213 and http://www.mozilla.org/projects/security/tld-idn-policy-list.html -- Neil