Closed Bug 286535 Opened 19 years ago Closed 19 years ago

Implement IDN character blacklist

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 301694

People

(Reporter: gerv, Assigned: darin.moz)

References

Details

(Whiteboard: [sg:fix]) 

Independent of bug 286354 (TLD blacklist), we also need a character blacklist to
deal with e.g. / homograph spoofing in 3rd and 4th level domains which are not
under the control of the registrar.

Opera have already got such a list, and we should probably take our cue from
what they do. In the long term, hopefully nameprep will get modified to disallow
such characters, and/or a consensus will emerge as to a global set. But we need
the infrastructure and a limited set of the most nasty characters in place now.

Ideally, if a banned character was found then punycode would be displayed for
that label, although rejecting the URL altogether is also an option if that's
not possible.
Should this really be a confidential bug? The problem and approach are both public.
Whiteboard: [sg:fix]
Probably not.

Gerv
Group: security

*** This bug has been marked as a duplicate of 301694 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.