[whatwg] Question about document.referrer (and document.URL, document.location.href) when IDN domains are in use
ian at hixie.ch
Tue Sep 10 13:40:36 PDT 2013
On Tue, 10 Sep 2013, Boris Zbarsky wrote:
> On 9/10/13 3:54 PM, Ian Hickson wrote:
> > > [some sites compare values that are always-punycoded domains with
> > > values that can be full Unicode for security checks]
> > Well, then they'll be broken, I guess. (They'll break safe, though.)
> Well, the outcome is "user can't use site". (Which they care more about
> than whether the site is safe or not, too, though the safety bit is not
> relevant to the discussion per se.)
Do you have a concrete example I can look at here? I agree we should make
> > It might be, depends on what the URL is.
> Basically, if we want interop on this stuff we need to define which
> things get punycoded where and which things are stored as ACE instead
> and whatnot. :(
Agreed. I think we have (if it doesn't say to punycode, don't punycode;
nothing ever unpunycodes). The current definitions might not be always
what we want, but I think to the extent that they are not, we need to
study concrete examples to see what we should do.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg