Closed Bug 286535 Opened 15 years ago Closed 15 years ago

Implement IDN character blacklist

Categories

(Core :: Networking, defect, major)



RESOLVED DUPLICATE of bug 301694

People

(Reporter: gerv, Assigned: darin.moz)

Details

(Whiteboard: [sg:fix])

Independent of bug 286354 (TLD blacklist), we also need a character blacklist to
deal with e.g. / homograph spoofing in 3rd and 4th level domains which are not
under the control of the registrar.

Opera have already got such a list, and we should probably take our cue from
what they do. In the long term, hopefully nameprep will get modified to disallow
such characters, and/or a consensus will emerge as to a global set. But we need
the infrastructure and a limited set of the most nasty characters in place now.

Ideally, if a banned character was found then punycode would be displayed for
that label, although rejecting the URL altogether is also an option if that's
not possible.
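
The per-label fallback requested above, sketched as an added example; it is not code from this bug or from Mozilla. The blacklist contents and the function names are assumptions made for illustration, and nameprep normalisation is left out.

```python
"""Per-label IDN display check: blacklisted characters force Punycode."""

# Constructed, illustrative blacklist of slash look-alikes. It is an assumption
# for this example, not Opera's list or any browser's shipped set.
BLACKLIST = frozenset({
    "\u2044",  # FRACTION SLASH
    "\u2215",  # DIVISION SLASH
    "\uff0f",  # FULLWIDTH SOLIDUS
})
ACE_PREFIX = "xn--"


def to_unicode(label: str) -> str:
    """Decode an ACE ("xn--") label; return anything else unchanged."""
    if not label.lower().startswith(ACE_PREFIX):
        return label
    try:
        body = label[len(ACE_PREFIX):]
        return body.encode("ascii").decode("punycode") or label
    except UnicodeError:
        return label  # malformed ACE: keep the raw ASCII form


def to_ace(label: str) -> str:
    """Encode a label as ACE; pure-ASCII labels need no encoding."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def display_host(host: str) -> str:
    """Return the hostname to show in the UI, decided label by label."""
    shown = []
    for label in host.split("."):
        uni = to_unicode(label)
        if any(ch in BLACKLIST for ch in uni):
            shown.append(to_ace(uni))   # banned character: show Punycode
        else:
            shown.append(uni)           # clean label: show Unicode
    return ".".join(shown)


if __name__ == "__main__":
    # Constructed sample: a slash look-alike inside a lower-level label.
    print(display_host("www.example.com\u2215login.spoof.test"))
    # A legitimate IDN label is unaffected by the blacklist.
    print(display_host("xn--bcher-kva.example"))
```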

Should this really be a confidential bug? The problem and approach are both public.

Whiteboard: [sg:fix]

Probably not.

Gerv
Group: security

*** This bug has been marked as a duplicate of 301694 ***
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE