Ian G writes: > It occurred to me that what may be required > is a special font designed to show a 'visual > distance' between all the characters. There > may be a font that has this characteristic, or > it may be that it represents an interesting > design exercise for font, security, and language > specialists...
A straightforward solution would be to simply translate any Unicode characters that have equivalent glyphs. If someone tried to replace a normal 'a' with a Unicode character that looks the same, the browser would replace it with a normal 'a'. There's no legitimate reason that I can think of for using unconventional Unicode codes for conventional glyphs in a URL; the only reason for doing it is to spoof. Domain registrars should forbid this sort of thing right up front, for the same reason, but they probably won't. -- Anthony _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security