Marketing sold a URL with an emoji

Sad, it doesn't exist 😔

Can you do that? This would be a whole new world.

@Demolishun https://🏹.to/🔎🌎

@Demolishun yes but only on a few TLDs.
https://en.wikipedia.org/wiki/...

@j0n4s I think you can use punycode in the rest of the URL regardless of whether the TLD supports punycode domains, right?

My hunch about punycode is that once we're done exploiting it for phishing attacks, browsers will stop resolving characters that aren't in a well-known non-textlike block like emoji and aren't actively used by the user's current locale.

For instance, unicode has a stupid amount and variety of non-printable characters none of which should be valid URL elements, not to mention text directionality indicators which might be usable for the most hilarious phishing attack to date.

Just imagine hosting a fake crypto gifting event at

‮nioctib.net/moc.elgoog

@lorentz punycode is only needed for the domain, the rest of the url uses url encoding

https://en.wikipedia.org/wiki/...

@lorentz that's why firefox displays punycode domains as punycode

@lorentz something like "google.com/ten.bitcoin" wouldn't be possible as a vast majority of unicode symbols are prohibited in IDN (internal domain names).

See here for allowed/disallowed code points

https://unicode.org/Public/idna/...

And here under chapter 2.6 "Syntax Spoofing" you can see your specific example:

http://unicode.org/reports/tr36/...