Anthony G. Atkielski wrote:
> A straightforward solution would be to simply translate any Unicode
> characters that have equivalent glyphs.

I love the way you casually use the word "straightforward" there. Glyph equivalence is a very fuzzy thing.


> If someone tried to replace a
> normal 'a' with a Unicode character that looks the same, the browser
> would replace it with a normal 'a'.  There's no legitimate reason that I
> can think of for using unconventional Unicode codes for conventional
> glyphs in a URL; the only reason for doing it is to spoof.

Perhaps because Cyrillic has a perfectly reasonable character that happens to look like an "a" in most circumstances?


There are no simple solutions to this problem, but there are solutions, and we're working on them.

Gerv
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
