HackerOne: Homograph attack

2015-04-26T17:58:53
ID H1:58612
Type hackerone
Reporter r0x33d
Modified 2015-05-02T22:34:51

Description

Hello!

I would like to report that fix of report #29491 is incomplete. There is another way to reproduce homograph attack: <http:ebаy.com> or <http:/ebаy.com>

IDNs are displayed in unicode and there is no encoding into Punycode on external link warning page

Thanks!

- Matvejs