A partial way out which is why I am amazed by this is our browsers are supposed to protect us as best they can. The least they can do is choose a font which does not help malicious actors.

meagreProgrammer wrote: The least they can do is choose a font which does not help malicious actors.
Devil's advocate:
The user gets to set his own font preferences at the OS level. That can include some specific accessibility requirements. If the browser ignored those choices and started arbitrarily using some alternate font for a control such as the address bar, you would annoy those users - why should the browser's controls be any different than the OS itself? All apps running on the OS should respect what's been selected there.
(Page content is another mess altogether, outside the control of the OS and best left for another discussion.)
All that said, I'm not disagreeing with you...the browser is the doorway to potentially very nasty stuff, so yes, it should go out of its way to validate everything. I'm just not sure how you're supposed to guess the user's intent...to re-use my previous example, maybe I did mean to go to siIIy.com (using two capitalized "eyes") rather than silly.com (two lowercase "els").
OTOH, as domains aren't supposed to be case-sensitive, and a link being followed contains capitalized letters as part of the domain...warn the user and show him the domain as all lowercase? Or at least, have the hover text show the lowercase version? But if the user types in a domain name with capitalized letters...then he only has himself to blame.
Food for thought for sure...
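
The check suggested in the post above, as an added example that is not part of any post in this thread: read the host exactly as the link wrote it, show its lowercase form, and warn when the two differ. Function names are hypothetical and the sample links are constructed; lowercasing turns siIIy.com into siiiy.com, which no longer resembles silly.com.

```javascript
// Added example; function names are hypothetical, sample links are constructed.

// Return the host exactly as written in the link. The URL API would
// lowercase it during parsing and hide the signal we want to inspect.
function hostAsWritten(href) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(href.trim());
  if (!m) return null;                       // relative link, no authority part
  let authority = m[1];
  const at = authority.lastIndexOf('@');     // the host follows any userinfo
  if (at !== -1) authority = authority.slice(at + 1);
  return authority.replace(/:\d*$/, '');     // drop an optional port
}

// Decide what to show on hover and whether to warn about the link.
function reviewLinkHost(href) {
  const written = hostAsWritten(href);
  if (!written) return { written, display: written, warn: false };
  const display = written.toLowerCase();     // DNS names are case-insensitive
  return { written, display, warn: written !== display };
}

// Constructed sample links, including the siIIy.com case from the thread.
const sampleLinks = [
  'https://siIIy.com/login',             // two capital "eyes" in the host
  'https://silly.com/Login',             // capitals only in the path: no warning
  'https://silly.com@siIIy.com:8443/x',  // real host is after the "@"
  '/relative/page',                      // no host to review
];

for (const href of sampleLinks) {
  console.log(href, JSON.stringify(reviewLinkHost(href)));
}
```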

dandy72 wrote: OTOH, as domains aren't supposed to be case-sensitive, and a link being followed contains capitalized letters as part of the domain...warn the user and show him the domain as all lowercase? Or at least, have the hover text show the lowercase version? But if the user types in a domain name with capitalized letters...then he only has himself to blame.
DNS is case insensitive by RFC, so domain names are case insensitive. What isn't case insensitive is email addresses before the @ sign, but all major mail servers treat them as case insensitive.

obermd wrote: DNS is case insensitive by RFC
Yep, that's true for the old RFC. However with aggressive DNSSEC the query will randomly capitalize the domain (wWw.cODeProJecT.coM for example) and the upstream authoritative server should preserve the capitalization in the response.
I think capitalization is used in other areas such as the NSEC record, but I don't remember the details.

The domain name is still case insensitive. This capitalization is designed to increase the entropy of the encrypted DNS record, not add to the number of domain names.

obermd wrote: What isn't case insensitive is email addresses before the @ sign
I was not aware of that.
"I'm Bob@company.com, but make sure you capitalize the first B, otherwise it's gonna go to that jerk in accounting".
Good thing that is NOT being respected. I'm not familiar with the whole RFC process...would an RFC this old (now that there's plenty of implementations out there) allow for an addendum/correction that goes against what's been previously stated...? Just to make it formal...especially since, as you say, "all major mail servers" treat them as case-insensitive...

Thanks - I'm going to turn this into a security tip for my company.

Oddly, I can tell the difference, just barely. If you screen capture Il (the difference here is obvious when I type it in the editor but rendered in the final post and in the preview, they look the same) you'll notice the antialiasing (or is it aliasing?) is different for uppercase I and lowercase l. Maybe somehow I'm seeing that subtle difference.

@GregUtas
Where's the CCC?
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!

Bit early for Greg
Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming "Wow! What a Ride!" - Hunter S Thompson - RIP

...Present company not included, of course
🤣🤣🤣🤣🤣 Whoever wrote that (who was it, guys?) has a nice, dry, self-deprecating SOH, I love it.
And I can relate (about the kind of developer I am, I mean) x
Paul Sanders.
If I had more time, I would have written a shorter letter - Blaise Pascal.
Some of my best work is in the undo buffer.

I am fond of your quote of Mons. Pascal. I am thankful I learned of it. In case you have not already done so may I suggest looking up the olde English translation of the original French as the verbiage is quite impressive at least to me.

Sure, where can I find it?
Paul Sanders.

Excellent, thank you. I like that site, and for the benefit of anyone reading this, their approximate translation is:
I have made this [letter] longer than usual because I have not had time to make it shorter.
Which, I guess, is a bit less pithy than the version I have in my sig (so I will keep it as it is).
I see, by their lights, I have the correct attribution. Then copied and adapted many times over, no doubt. Cheers.
Paul Sanders.

Interesting, thank you.
Personally, I certainly do find comments that point out what a friend of mine would term "the bleedin' obvious" to be just noise. You're better off picking descriptive class, function and variable names and leaving it at that.
Then, the comments that really matter will indeed stand out (in my IDE - Visual Studio - they're displayed in green, although that is configurable). Also, you get less 'comment fatigue' putting them in in the first place, so, again, there's a better chance that the really important ones will actually make it into the code.
Paul Sanders.

Did you happen to see the reference to Blaise Pascal?

Ha! No, bang to rights lol
Paul Sanders.

I don't consider myself a talented C++ developer. Leave it to C++ to be able to give anyone imposter syndrome. Just when I think I've mastered some aspect of the language, it throws me a curveball. I swear mastering it takes more than one lifetime.
I, however, grudgingly acknowledge that people routinely say I'm a talented C++ developer, because it would be foolish for me not to.
To err is human. Fortune favors the monsters.

Leave it to C++ to be able to give anyone imposter syndrome.
Yeah. Some pretty smart folks on Stack Overflow (but also lots of n00b posts, and they have their fair share of rather arrogant / emotionally underdeveloped people). I've learned a lot by hanging out there, including how better to conduct myself online. Rewrote my codebase as a result!
Paul Sanders.

honey the codewitch wrote: I don't consider myself a talented C++ developer.
Damn it. If you are not a talented c++ dev... then 95% of the people here are just beginners (and I am a n00b)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.

I think @GregUtas probably knows C++ better than I do. I'm sure he's not the only one. Codeproject has a deep bench.

You're not a talented C++ developer. You're a very talented C++ developer.

I take that as high praise indeed coming from you, Greg.