>> "ST" == Scott Taylor <[EMAIL PROTECTED]> writes: ST> Wouldn't it make sense to accept [EMAIL PROTECTED], but NOT DISPLAY IT on the ST> address bar? so even if someone clicks on a shady link, they don't see ST> http://[EMAIL PROTECTED], they only see http://crooks.com on their ST> address bar? And with all those miserable encoded characters translated ST> back to plaintext too. Yeah I know. silly idea. Just too bloody obvious ST> I guess.
Now that they have implemented this behavior and has made it into a defacto standard I too agree that it is just silly to suddenly remove it due to other wrongdoings in the browser. I do however agree that it is a problem that could help people to be more easily fooled than normally. But if so, why not just make it alert the user that something might be fishy? As someone else suggested, change the color in the URL of the user:pass part into something else, light an icon to warn the user of it or even (*shiver*) have it pop up a warning notice. I think that all of those would be better than just all of a sudden disabling a feature that people are actually using for a lot of live purposes. /ahnberg. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
