Use sane about:config value: network.IDN_show_punycode = true
While reading through various about:config security hardening guides, I found several bad default values for the Tor Browser:
- network.IDN_show_punycode = true
- Not rendering IDNs as their punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
(This issue was split from https://trac.torproject.org/projects/tor/ticket/27059)
Trac:
Username: floweb