xn-- encoding shows the decoded one in URL bar
Categories
(Firefox :: Untriaged, defect)
Tracking
()
People
(Reporter: karl-police2001, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
Steps to reproduce:
Be on Firefox and access this link: "xn--80ak6aa92e.com"
Actual results:
You will successfully connect to the website, however the URL bar changes to https://www.аррӏе.com/
Expected results:
Read this https://www.xudongz.com/blog/2017/idn-phishing/
A warning should probably have happend. Nowadays I believe browsers support all unicode in the URL, so "xn--" is not really needed anymore.
People can abuse this and that would harm Firefox users.
Reporter | ||
Comment 1•3 years ago
|
||
note I reported this bug on Chrome but tested it on Firefox
Reporter | ||
Comment 2•3 years ago
|
||
note I reported this bug on Chrome but tested it on Firefox
Comment 3•3 years ago
|
||
This is already known, see https://bugzilla.mozilla.org/show_bug.cgi?id=1507582#c19 .
Updated•3 years ago
|
Description
•