[qutebrowser] IDN spoofing

John Lane john at lane.uk.net
Wed Apr 19 17:08:41 CEST 2017


Interesting article[1] on the register today about internationalised
domain name (IDN) spoofing using Punycode[2].

I think it's quite alarming that many browsers show you what looks like
apple.com which in reality is something entirely different. That's
something new I've learnt today!

This can be configured against in Firefox about:config by setting
"network.IDN_show_punycode=true"

Is it possible to do this in qutebrowser - I couldn't find a setting for
it on "qute:settings" ?

What's also interesting is that clicking the "apple.com" link on that
register article does not work in qutebrowser with the qt5-webkit-ng
 backend. It does work with the qt5-webengine backend.


[1] https://www.theregister.co.uk/2017/04/18/homograph_attack_again

[2] https://en.wikipedia.org/wiki/Punycode


More information about the qutebrowser mailing list