On Sun, 01 Jun 2014 18:31:09 +1000, Chris Angelico wrote:

> the better solution is to permit the full Unicode alphabet in
> identifiers...

I'm not entirely sure about that. Full Unicode support in identifiers 
such as URLs doesn't create a brand new vulnerability, but it does 
increase it from a fairly minor problem to something *much* harder to 
deal with. It's bad enough when somebody manages to fool you into going 
to (say) app1e.com instead of apple.com, without also being at risk from 
аррlе, аpрlе, арplе and аррle (to mention just a few). At least nobody 
can fake .com with .соm.

To put it another way:

py> аррlе = 23
py> apple = 42
py> assert аррlе == apple
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>


Reply via email to