[HTTPS-Everywhere] In Google.xml, why "[^/@:]"?

[Osama Khalid]

> Misspelled URLs could indicate an attempt to trick the user. We (if
> not the website operators) really should analyse them and warn the
> user if appropriate.

It's true that this can be the case, but I don't think we can overcome
this by a simple, publicly available regex. Yes, our regex will help
if the attacker tried to track users activity using a fake domain
named "www.google.%2.aa", but it'd do nothing for "www.google1.com".

I just think that the regular Firefox message should be shown if
something is wrong with the domain because that'd out of
HTTPSEverywhere scope.

--Osama Khalid