the IDN problem
Filed against every single major web browser is the bug of "unicode blindness injection" security vulnerability. In short, Unicode letters can look the same as their ascii-equivalents, but lead to a different URL (thereby permitting man-in-the-middle attacks).
My solution consists of verifying that unicode glyphs look different from ascii glyphs (yes, I like the word "glyph"). In my example screenshot, words in parentheses are entirely ascii, those preceding them have a "wrong letter:"
- the K in KDE is Cyrillic (U041A)
- the S in RULES is Cyrillic (U0405) (which I'm aware doesn't even exist in Cyrillic)
- the P in APPLE is also Cyrillic (U0420)
- the T in MICROSOFT is Greek (U03A4)
However, it does a poor job of identifying K. If this is considered useful, I may be inclined to fix it for inclusion into KDE, otherwise, I'll leave it to be abandonware as I do with everything else.
The idea is that if there's a unicode letter, and the "error report" is high enough, you might warn the user prior to visiting the page.