ruby violates all of them.
so do many other languages.
BTW identifiers are not just url's, mail addresses or variable names, but also usernames and paths (filenames, directory names). eg with RTL spoofing you can hide ../
nobody cares so far, esp. not Linux filesystems. Garbage in garbage out is a security risk. The old Apple HPFS at least normalized unicode, the new one is again insecure.
Every name needs to be identifiable. Simply enabling XID_Start + XID_Continue for unicode violates all unicode security recommendations. See the recommended Unicode Security Profiles 1-5, http://www.unicode.org/reports/tr39/#General_Security_Profil...
ruby violates all of them. so do many other languages.
BTW identifiers are not just url's, mail addresses or variable names, but also usernames and paths (filenames, directory names). eg with RTL spoofing you can hide ../
nobody cares so far, esp. not Linux filesystems. Garbage in garbage out is a security risk. The old Apple HPFS at least normalized unicode, the new one is again insecure.