[qutebrowser] IDN spoofing
John Lane
john at lane.uk.net
Wed Apr 19 17:08:41 CEST 2017
Interesting article[1] on the register today about internationalised
domain name (IDN) spoofing using Punycode[2].
I think it's quite alarming that many browsers show you what looks like
apple.com which in reality is something entirely different. That's
something new I've learnt today!
This can be configured against in Firefox about:config by setting
"network.IDN_show_punycode=true"
Is it possible to do this in qutebrowser - I couldn't find a setting for
it on "qute:settings" ?
What's also interesting is that clicking the "apple.com" link on that
register article does not work in qutebrowser with the qt5-webkit-ng
backend. It does work with the qt5-webengine backend.
[1] https://www.theregister.co.uk/2017/04/18/homograph_attack_again
[2] https://en.wikipedia.org/wiki/Punycode
More information about the qutebrowser
mailing list