[WEB SECURITY] many stops equal a U+002E full stop

Chris Weber chris at lookout.net
Wed Jun 29 01:40:12 EDT 2011

There are a lot of interesting and complex rules around the way Unicode 
strings are handled in URIs/IRIs and IDNs in particular.  One such case 
is the way several characters each map to the "dot":


Are most spam and phishing filters IDN-aware?  Has anyone seen this 
technique used in practice to bypass them, or WAFs?


More information about the websecurity mailing list