Issue metadata
Sign in to add a comment
|
Security: RTL Address Bar Spoofing
Reported by
jackwill...@gmail.com,
Oct 5 2016
|
||||||||||||||||||||||
Issue descriptionVERSION Chrome Version: 55.0.2880.4 Operating System: Windows 7 REPRODUCTION CASE 1. Visit http://xn--nebl.xn--9dbq2a/مركز-التسجيل.السعودية The Omnibox shows רע.קום/مركز-التسجيل.السعودية but the page's hostname is רע.קום
,
Oct 5 2016
Peter, is this the expected behaviour? Or should we expect two RTL segments within an overall LTR URL?
,
Oct 5 2016
mgiuca is in the best position to comment/close/dupe as appropriate here.
,
Oct 6 2016
Same root cause as Issue 351639; RTL URLs are correctly (but confusingly) rendered from right to left, resulting in a hard-for-human-to-parse display.
,
Oct 6 2016
Just a suggestion, maybe we should slam these up against the right-hand side of the box with the blank space to the left to indicate overall direction.
,
Oct 6 2016
Hmm we could right-align URLs that begin with a strong RTL character. That's actually what we do on Android and I have a bug to "fix" it. (Issue 616702). I'm not sure what the right approach is there (you can read my arguments in that bug report for why alignment based on the first strong character is undesirable.) The main thing is that it wouldn't actually solve the general case, because the general (and common) case is URLs with lots of intermixed LTR and RTL components. I'd rather progress towards making it all LTR than trying to fix alignment for special cases. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Oct 5 2016Summary: Security: RTL Address Bar Spoofing (was: Security: Address Bar Spoofing )