Soobok Lee | 20 Feb 06:27

space-like unicode char

You can paste this HTML/JavaScript codelet into an HTML file on your
webserver and view it in your MSIE browser.
You will see "www.microsoft.com" isolated in the address bar from the
"mozilla.org" domain suffix.
Fortunately, you will see a blank space (no phishing page) if you have a
recent IE patch.
This won't work in Firefox 1.x, which strips off those special chars
for unknown reasons before sending to
the address bar.

<script>
window.open(unescape("http://www.microsoft.com%u1160%u1160%u1160%u1160%u1160%u1160.mozilla.org/"),"_blank");
</script>

U+1160 is a space-like char, and even stringprep/nameprep does not
filter it out because
the char is not for punctuational purposes.
U+1160 is just one example, and I guess there may be many alternatives
that can be
used as blank char alternatives.

U+1160 in the above example is placed in the 3rd level domain name label,
over which the .org registry cannot impose any regulations.

Soobok Lee
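
A defensive check for the hostname described in the message above, as an added example that is not part of the original post: it flags any label containing a code point that renders blank and reports what a reader would take as the host. The function names, the constructed sample hostname, and the choice of Unicode properties (Default_Ignorable_Code_Point, which covers U+1160 and the other Hangul fillers, plus White_Space, Cc and Cf) are assumptions of this example and go beyond the single character in the post.

```javascript
// Added example (not from the original post): detect blank-rendering code
// points inside hostname labels before the name is displayed or accepted.

// U+1160 is a letter (category Lo), not White_Space, so a plain whitespace
// test misses it. Default_Ignorable_Code_Point does cover it, together with
// the other Hangul fillers U+115F, U+3164 and U+FFA0.
const BLANK_LOOKING =
  /[\p{Default_Ignorable_Code_Point}\p{White_Space}\p{Cc}\p{Cf}]/u;

// Constructed sample: the hostname from the post, fillers written as escapes.
const SAMPLE_HOST = "www.microsoft.com" + "\u1160".repeat(6) + ".mozilla.org";

function codePointName(ch) {
  return "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
}

function inspectHostname(hostname) {
  const labels = hostname.split(".");
  const findings = [];
  labels.forEach((label, index) => {
    const hits = new Set();
    for (const ch of label) {
      if (BLANK_LOOKING.test(ch)) hits.add(codePointName(ch));
    }
    if (hits.size > 0) {
      // level counts labels from the right: 1 = TLD, 2 = registered name, ...
      findings.push({ level: labels.length - index, codePoints: [...hits] });
    }
  });

  // Text before the first blank-rendering character: what the user is
  // likely to read as the whole host in an address bar.
  let visiblePrefix = "";
  for (const ch of hostname) {
    if (BLANK_LOOKING.test(ch)) break;
    visiblePrefix += ch;
  }
  return { suspicious: findings.length > 0, visiblePrefix, findings };
}

console.log(JSON.stringify(inspectHostname(SAMPLE_HOST), null, 2));
```
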

