Thursday, November 24, 2005

Suggestion: "Secure Unicode" drawing function

A couple of months ago - I sent this suggestion to Mitch Kaplan at Microsoft. He posted it here

Hi. I actually tried finding the correct blog post to submit this response to - but I couldn't.

Anyways - a while ago you had a couple of posts on internationalized text, especially in the browser; however, you also mentioned how it can be used to cloak a bad file in Explorer etc...

Would this make any sense at all?

In Vista - create a "Secure Unicode" rendering function - sort of an "overridden" implementation of drawText that will draw a little squiggly under any Unicode character that is deemed suspicious (you linked to an RFC that had some good ideas there) - this squiggly would be drawn in the same pen as the font and it would look similar to the squiggly that Word draws under misspelled words.

In any situation where a Unicode char might be used to fool the user into doing something he probably does not want to do, Windows (and third-party apps) can use this version to ensure that the user is notified when a character might not be exactly what it looks like.

I can see this being used in Windows Explorer for file listings - or perhaps in login text boxes etc., email address boxes (I can send you a link asking you to send sensitive info to an email address that looks similar to an address you trust) etc....

Just a thought (obviously...)
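A sketch of the flagging step such a drawing function would need, added here as an example; it is not part of the original post and not a Windows API. The two rules (invisible format-control characters, and letters from a script other than the string's dominant one), the function names and the sample strings are all assumptions constructed for illustration.

```python
import unicodedata
from collections import Counter

def script_of(ch):
    """Rough script label: first word of the Unicode name (a heuristic, assumed here)."""
    if not ch.isalpha():
        return None                     # digits, dots and spaces carry no script
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else None

def suspicious_indexes(text):
    """Indexes of the characters that would get a squiggle under this example's rules."""
    scripts = [script_of(c) for c in text]
    counts = Counter(s for s in scripts if s)
    dominant = counts.most_common(1)[0][0] if counts else None
    flagged = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) == "Cf":
            flagged.append(i)           # invisible format control, e.g. a bidi override
        elif scripts[i] is not None and scripts[i] != dominant:
            flagged.append(i)           # letter from a minority script (possible look-alike)
    return flagged

def underline(text):
    """One '~' under each flagged character, spaces elsewhere (the text-mode squiggle)."""
    flagged = set(suspicious_indexes(text))
    return "".join("~" if i in flagged else " " for i in range(len(text)))

def show(text):
    """Two-line rendering: the text with format controls made visible, then the squiggles."""
    visible = "".join("\ufffd" if unicodedata.category(c) == "Cf" else c for c in text)
    return visible + "\n" + underline(text)

if __name__ == "__main__":
    # Constructed samples: plain ASCII, a Cyrillic look-alike letter,
    # a right-to-left override inside a file name, and all-Cyrillic text.
    for sample in ["report.txt", "p\u0430ypal.com",
                   "invoice\u202etxt.exe", "\u043f\u0440\u0438\u0432\u0435\u0442"]:
        print(show(sample))
        print()
```

Text written entirely in one non-Latin script is left unmarked, so the squiggle only appears where a character departs from the rest of the string.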

