GNU bug report logs - #24117
25.1; url-http-create-request: Multibyte text in HTTP request

Previous Next

Full log

Message #137 received at 24117 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: stakemorii <at> gmail.com, schwab <at> linux-m68k.org, 24117 <at> debbugs.gnu.org,
 Dmitry Gutov <dgutov <at> yandex.ru>
Subject: Re: bug#24117: 25.1;
 url-http-create-request: Multibyte text in HTTP request
Date: Thu, 11 Aug 2016 09:18:31 -0400

On Thu, 11 Aug 2016 15:00:55 +0200 Lars Ingebrigtsen <larsi <at> gnus.org> wrote: 

LI> Ted Zlatanov <tzz <at> lifelogs.com> writes:
>> Somewhat related: it would be nice if the URL parser also listed the
>> non-ASCII scripts used in the domain name. Then eww and other programs
>> could do one of the typical defenses: either ensure only one script is
>> used; or allow only scripts that match the user's locale; or catch any
>> non-ASCII domain names. Typically they'd use Punycode to display such
>> suspicious domain names:
>> https://en.wikipedia.org/wiki/IDN_homograph_attack

LI> This is implemented in puny and eww:

LI>   ;; Check whether the domain only uses "Highly Restricted" Unicode
LI>   ;; IDNA characters.  If not, transform to punycode to indicate that
LI>   ;; there may be funny business going on.
LI>   (let ((parsed (url-generic-parse-url url)))
LI>     (unless (puny-highly-restrictive-domain-p (url-host parsed))
LI>       (setf (url-host parsed) (puny-encode-domain (url-host parsed)))
LI>       (setq url (url-recreate-url parsed))))

Awesome! Thanks for pointing this out, and sorry for digressing.

Ted

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.