On Wed, Sep 24, 2008 at 8:40 AM, Nicolas Sylvain <[EMAIL PROTECTED]>wrote:
> On Wed, Sep 24, 2008 at 8:29 AM, Tom Limoncelli <[EMAIL PROTECTED]>wrote: > >> (1) If I type [12345678900] into the omnibox, the suggestion is >> http://223.220.28.52/ (the integer cast into an IPv4 address). It >> seems that this would be a way for spammers to obscure the IP address >> of their servers. Firefox and other browsers handle this >> differently. From a user standpoint, if I was typing "123signup.com", >> when I type the "123" I see 0.0.0.123 in the suggestion and could get >> confused. Of course, as I type the "s" of "signup" everything clears >> up, but it seems like a usability issue none the less. > > If by "Firefox and other browsers handle this differently" you mean "other browsers just open the IP without telling you what it is in dotted quad form", then you're correct. That seems _more_ subtle to me rather than less. Chromium defaults to searching for this input, not opening it, and if you elect to open it (which is a choice we _have_ to give users, since this is a valid form of IP address), we at least tell you what IP you're really going to. I don't see any problems with this behavior. > (2) If I type [10.10.010.10] the omnibox rewrites it as 10.10.8.10. >> When I've seen other software do that it was an indication that a libc >> function was used to convert the octets, and that concerns me (not all >> operating systems have secure libc's). It also provides many new ways >> for spammers to obscure their URLs. (0x123 works too). > > Again, hex and octal input is valid in IPs, and e.g. Firefox will open this just fine; this isn't Chromium exposing new avenues for spammers, it's us supporting how IP addresses work. I don't know what the particular concern on base conversion is, if you have details perhaps you can provide them. PK --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
