QR codes essentially just encode text, as long as you’re using a sensible QR code reader and check any URLs before opening them there’s minimal risk to scanning a QR code.
Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn’t know there was a name for this sort of attack.
Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)
QR codes essentially just encode text, as long as you’re using a sensible QR code reader and check any URLs before opening them there’s minimal risk to scanning a QR code.
I still wouldn’t trust it because of homograph attacks.
Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn’t know there was a name for this sort of attack.
Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)