[whatwg] Question about document.referrer (and document.URL, document.location.href) when IDN domains are in use

Anne van Kesteren annevk at annevk.nl
Thu Sep 12 02:56:32 PDT 2013

On Wed, Sep 11, 2013 at 7:21 PM, Ian Hickson <ian at hixie.ch> wrote:
> Surely the consistency of the API matching the input is more important
> than the consistency of the API _not_ matching the input...

The input will be mangled anyway. E.g. domain label separators are
normalized to ".". And all kinds of other parts of the URL undergo

>> It means the entire URL is effectively a byte sequence.
> I don't know what you mean here.

No code point is higher than 7F. And given the way HTTP operates on
URLs, and we extract data from data URLs, making it a byte sequence
might not be a such a bad idea...

>> And it's very clear what the DNS lookup will be.
> Why do you think people care more about that than about the URL matching
> what they wrote in the markup?

It won't match that anyway.

>> And given that they keep insisting on changing what certain code points
>> map to over in IETF-land (with limited support from browser vendors :/),
>> it seems safer too.
> I don't understand what is safer. Surely if the punycoding step keeps
> changing, it's less safe, since it'll mean that the results will change
> without the author expecting it. If we don't punycode in the API, then the
> result will be the same regardless of the punycode step.

It depends on what you do with the result I suppose.

seems relevant.

http://url.spec.whatwg.org/ defines ASCII at the moment. The other
reason that is I just remembered is because ToASCII can fail and at
that point we want to return failure for the URL. I suppose we could
run ToASCII and then ToUnicode...


More information about the whatwg mailing list