Daniel Lubarov

Is Facebook down?

Look, Facebook is down!

screenshot

It isn't really, but that link makes it appear down in some browsers. I just added the percent encoding of a unicode paragraph separator after http://www.facebook.com/. In some browsers, only http://www.facebook.com/ is visible; the user can't (easily) tell that the URL is funny.

This trick works on most websites. You can protect against it by redirecting to a sanitized URL, with line separators and paragraph separators removed. My blog does this, so this similarly crafted link won't give the user a 404.