I didn't find any similar RFC, but just a discussion topic of Älphäbet url support for 4.0.
Since October, 2009 ICANN has approved the creation of internationalized country code top-level domains (IDN ccTLDs), and first of then were installed in the DNS root zone on May, 2010. Now IDNs are actually in use already.
Thus, support for IDN (which is a part of IRI - International resource identifier) seems to be a mandatory for any web application, including bulletin board.
It would be nice to implement it as soon as possible to make it included into 3.1a.
Some useful links:
Internationalized domain name - Wikipedia
Internationalized Resource Identifiers (IRIs) - W3
rfc5891 - Internationalized Domain Names in Applications (IDNA): Protocol
rfc5892 - The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)
EDIT: The derivation of valid characters in terms of Unicode properties for IDNA2008 - Internationalized Domain Names (IDN) FAQ
EDIT2:
Unicode Technical Standard #46. Unicode IDNA Compatibility Processing
Unicode Character Database (txt file)
EDIT3:
Ticket: https://tracker.phpbb.com/browse/PHPBB3-12926
Pull request: https://github.com/phpbb/phpbb/pull/3189
[RFC] Support for IDN (IRI)
[RFC] Support for IDN (IRI)
Last edited by rxu on Thu Jan 22, 2015 3:29 pm, edited 3 times in total.
Re: [RFC] Support for IDN (IRI)
We should support IDN I suppose.
Re: [RFC] Support for IDN (IRI)
+1
It was weird from the begining not being able to use iconic characters like Ñ in urls for languages like Spanish, the name itself, España wasn't even posible within urls. Now that this finally changed phpBB should suppport it.
It was weird from the begining not being able to use iconic characters like Ñ in urls for languages like Spanish, the name itself, España wasn't even posible within urls. Now that this finally changed phpBB should suppport it.
Slightly better English than it was in 2005, still improving
- imkingdavid
- Registered User
- Posts: 1050
- Joined: Thu Jul 30, 2009 12:06 pm
Re: [RFC] Support for IDN (IRI)
+1 from me as well
- bantu
- 3.0 Release Manager
- Posts: 557
- Joined: Thu Sep 07, 2006 11:22 am
- Location: Karlsruhe, Germany
- Contact:
Re: [RFC] Support for IDN (IRI)
+1Oleg wrote:We should support IDN I suppose.
Re: [RFC] Support for IDN (IRI)
Hmm. Valid IDN characters should be NFKC Case folded, while phpBB3 messages are normalized by NFC.
So we 'd need to add NFKC casefolded message content to the parser to process IDNs, unless I've missed the way of derivation of IDN valid characters.
So we 'd need to add NFKC casefolded message content to the parser to process IDNs, unless I've missed the way of derivation of IDN valid characters.
Re: [RFC] Support for IDN (IRI)
It looks like IDN can be checked for validity pretty easy, using function idn_to_ascii() with the IDNA_USE_STD3_RULES flag. For example:
This code returns domain name in its IDNA ASCII form.
But this code:
returns false since the leading hyphen is not allowed by domain name ASCII rules.
So, when false, IDN is invalid, and otherwise it's valid. This should simplify the whole implementeation, but requires support of Internationalization Functions module by PHP (intl).
Code: Select all
idn_to_ascii('täst.de', IDNA_USE_STD3_RULES);
But this code:
Code: Select all
idn_to_ascii('-täst.de', IDNA_USE_STD3_RULES);
So, when false, IDN is invalid, and otherwise it's valid. This should simplify the whole implementeation, but requires support of Internationalization Functions module by PHP (intl).
Re: [RFC] Support for IDN (IRI)
+1
Wrongly displayed IDN URLs are really annoying.
Wrongly displayed IDN URLs are really annoying.
- bantu
- 3.0 Release Manager
- Posts: 557
- Joined: Thu Sep 07, 2006 11:22 am
- Location: Karlsruhe, Germany
- Contact:
Re: [RFC] Support for IDN (IRI)
There are security implications that must be considered when implementing IDN support. See http://en.wikipedia.org/wiki/IDN_homograph_attack
- EXreaction
- Registered User
- Posts: 1555
- Joined: Sat Sep 10, 2005 2:15 am
Re: [RFC] Support for IDN (IRI)
That issue seems entirely irrelevant to phpBB, it's up to browsers to handle IDN properly. It's not like us not supporting it is going to prevent someone from trying these attacks against people, even through phpBB.
I'd bet that > 90% of people would be fooled simply by doing that (people look where the URL of the current page is more often than where a link is pointing to and after they click it's too late).
Code: Select all
[url=myASCIIDomainNameWhichRedirectsToPayPalLookAlike]http://www.paypal.com[/url]