Is Facebook down?
Look, Facebook is down!
It isn't really, but that link makes it appear down in some browsers. I just added the percent encoding of a unicode paragraph separator after http://www.facebook.com/
. In some browsers, only http://www.facebook.com/
is visible; the user can't (easily) tell that the URL is funny.
This trick works on most websites. You can protect against it by redirecting to a sanitized URL, with line separators and paragraph separators removed. My blog does this, so this similarly crafted link won't give the user a 404.