|
From: | Lars Ingebrigtsen |
Subject: | bug#24117: 25.1; url-http-create-request: Multibyte text in HTTP request |
Date: | Thu, 11 Aug 2016 15:00:55 +0200 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux) |
Ted Zlatanov <tzz@lifelogs.com> writes: > Somewhat related: it would be nice if the URL parser also listed the > non-ASCII scripts used in the domain name. Then eww and other programs > could do one of the typical defenses: either ensure only one script is > used; or allow only scripts that match the user's locale; or catch any > non-ASCII domain names. Typically they'd use Punycode to display such > suspicious domain names: > https://en.wikipedia.org/wiki/IDN_homograph_attack This is implemented in puny and eww: ;; Check whether the domain only uses "Highly Restricted" Unicode ;; IDNA characters. If not, transform to punycode to indicate that ;; there may be funny business going on. (let ((parsed (url-generic-parse-url url))) (unless (puny-highly-restrictive-domain-p (url-host parsed)) (setf (url-host parsed) (puny-encode-domain (url-host parsed))) (setq url (url-recreate-url parsed)))) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
[Prev in Thread] | Current Thread | [Next in Thread] |