[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bidirectional text and URLs
From: |
chad |
Subject: |
Re: Bidirectional text and URLs |
Date: |
Sun, 30 Nov 2014 15:39:15 -0800 |
> On 30 Nov 2014, at 07:20, Eli Zaretskii <address@hidden> wrote:
>
> I'm sorry, but this is not instrumental: it doesn't specify what
> "misleading" means. We need a detailed spec for that.
Given things we're already identifying the URL in text, is it
possible/easy to check for a different directionality of any part
of a URL text (including the entire url) compared to the text (not
whitespace) before and after the URL?
In order to make phishing-style surprises work, the mal-ordered
text probably wants to have the left-side string "http[s]://" and
the right-side string "//:[s]ptth", right? That should be reasonably
easy to check, and would be a good heuristic.
I suppose there are non-HTTP schemes that might be troublesome also.
Some that come to mind are: ftp, file, imap, jabber, nntp, sip,
sips, and xmpp. I can't think of a way offhand to abuse mailto: or
about:, but I might just be missing it.
Hope that helps,
~Chad
- Re: Bidirectional text and URLs, (continued)
Re: Bidirectional text and URLs, Andreas Schwab, 2014/11/28
- Re: Bidirectional text and URLs, Richard Stallman, 2014/11/29
- Re: Bidirectional text and URLs, Eli Zaretskii, 2014/11/29
- Re: Bidirectional text and URLs, Richard Stallman, 2014/11/30
- Re: Bidirectional text and URLs, Eli Zaretskii, 2014/11/30
- Re: Bidirectional text and URLs,
chad <=
- Re: Bidirectional text and URLs, Eli Zaretskii, 2014/11/30