Closed Bug 220137 Opened 22 years ago Closed 8 years ago

The IDNA ToASCII process doesn't check for non-LDH ASCII in step 3a

Categories

(Core :: Internationalization, defect)

Product:
Core
Component:
Internationalization
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1365893

People

(Reporter: u113340, Assigned: smontagu)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.5) Gecko/20030916 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.5) Gecko/20030916 IDNA ToASCII step 3a says: (a) Verify the absence of non-LDH ASCII code points; that is, the absence of 0..2C, 2E..2F, 3A..40, 5B..60, and 7B..7F. Domain names that include the characters when entered do not cause a failure, which they should. Domain names that get these characters after Nameprep also have the same failure. Reproducible: Always Steps to Reproduce: 1. Enter a name such at í!dn.org 2. 3. Actual Results: Mozilla went through Punycode and tried to go to the page. Expected Results: It should have followed the spec and failed.
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Confirming bug.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Darin, I am a little unsure about this bug and bug 220138. Steps 3a and 3b in RFC 3490 are prefaced by: If the UseSTD3ASCIIRules flag is set, then perform these checks: and earlier the RFC says: 3) For each label, decide whether or not to enforce the restrictions on ASCII characters in host names [STD3]. (Applications already faced this choice before the introduction of IDNA, and can continue to make the decision the same way they always have; IDNA makes no new recommendations regarding this choice.) If the restrictions are to be enforced, set the flag called "UseSTD3ASCIIRules" for that label. Now, as far as I have been able to determine, we do not enforce these restrictions (from RFC 952 as modified by RFC 1123) on uninternationalized host names such as http://id!n org or http://-idn.org. Does this mean that we should WONTFIX these two bugs, or widen their scope to include all host names (or is that bug 309672?)
URL: http://www.ietf.org/rfc/rfc3490.txt
bug 309672 just implements a better error message for invalid hosts. bug 309671 implements the handling of %-escaped hosts, bug 309128 extended the blacklist for invalid domainname characters. We now enfore the full set (just before DNS lookup). Still open, I think, is the handling of non-UTF8 encoded hosts, but I'm not sure.
QA Contact: amyy → i18n
Marking as a duplicate of a more organized bug I just filed. Somewhat sad this never got the attention it needed at the time it could still be fixed.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.