Open
Bug 550166
Opened 16 years ago
Updated 3 years ago
BIDI issues in IRI display need reviewing for potential security problems
Categories
(Core :: Networking, defect, P5)
Core
Networking
Tracking
()
NEW
People
(Reporter: usenet, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-would-take])
Editing IRIs with mixed-direction scripts can cause counter-intuitive and potentially confusing display and editing behaviour.
Although this is mentioned in terms of BIDI interactions within DNS labels in RFC 4690, section 2.2.5, I believe this needs a wider-ranging review to examine the whole space of potential problems involving mixing of directions within different IRI components.
| Reporter | ||
Comment 1•16 years ago
|
||
This topic is also touched on in section 4, "Bidirectional IRIs for Right-to-Left Languages", of RFC 3987 "Internationalized Resource Identifiers".
Comment 2•16 years ago
|
||
I skimmed over section 4 of RFC 3987, and I think that the method suggested for displaying the values in subsection 4.1 is actually not a very good one.
I've always thought that using rendering the delimiter characters as though they were surrounded by a pair of LRM's is a way to show data sanely, like:
http://آزمایش.ایران/مسیر/صفحه?متغیر=مقدار
Which is the equivalent of:
http://test.ir/path/page?variable=value
Are there downsides to treating IRIs this way for display?
Updated•10 years ago
|
Whiteboard: necko-would-take]
Updated•10 years ago
|
Whiteboard: necko-would-take] → ]necko-would-take]
Updated•10 years ago
|
Whiteboard: ]necko-would-take] → [necko-would-take]
Comment 3•8 years ago
|
||
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•