andre
27th January 2011, 03:24 PM
Google Chrome is yet another browser that by default displays punycode instead of the unicode form of an IDN in the address bar.
Windows: It is necessary to explicitly add all the languages/scripts for which one wants the IDN to be displayed in Unicode form.
Mac OSX: The current Chrome version will only display the unicode form of an IDN if it is in the System Language. Naturally there can only be one system language at a time so only a single language IDN will be correctly displayed in the unicode form.
The main point is that users will have to take action to whitelist IDNs otherwise the punycode form will be displayed. Chrome is, of course, not the only browser where users would have to change settings to whitelist IDNs in order that they are displayed in unicode.
This seems to me another hurdle that needs to be overcome in order for there to be widespread adoption of IDNs. I think that the default IDN display mode for all browsers should be unicode ie no action is required by a user for all IDNs to be displayed correctly in the unicode form.
The current approach by the browsers seems to be that all IDNs are a security risk because they are IDNs. The much quoted risk is the mixing of scripts. But considering that Registries do take measures to prevent this, is it even possible any longer.
If there is a possible and real security risk with a specific IDN then the browser could alert the user in a manner other than displaying the punycode form. eg an Alert Pop Up or change the background colour of the address bar to red
André 小山 Schappo
http://口口.台灣/
Windows: It is necessary to explicitly add all the languages/scripts for which one wants the IDN to be displayed in Unicode form.
Mac OSX: The current Chrome version will only display the unicode form of an IDN if it is in the System Language. Naturally there can only be one system language at a time so only a single language IDN will be correctly displayed in the unicode form.
The main point is that users will have to take action to whitelist IDNs otherwise the punycode form will be displayed. Chrome is, of course, not the only browser where users would have to change settings to whitelist IDNs in order that they are displayed in unicode.
This seems to me another hurdle that needs to be overcome in order for there to be widespread adoption of IDNs. I think that the default IDN display mode for all browsers should be unicode ie no action is required by a user for all IDNs to be displayed correctly in the unicode form.
The current approach by the browsers seems to be that all IDNs are a security risk because they are IDNs. The much quoted risk is the mixing of scripts. But considering that Registries do take measures to prevent this, is it even possible any longer.
If there is a possible and real security risk with a specific IDN then the browser could alert the user in a manner other than displaying the punycode form. eg an Alert Pop Up or change the background colour of the address bar to red
André 小山 Schappo
http://口口.台灣/