Closed Bug 286535 Opened 15 years ago Closed 15 years ago
Implement IDN character blacklist
Independent of bug 286354 (TLD blacklist), we also need a character blacklist to deal with e.g. / homograph spoofing in 3rd and 4th level domains which are not under the control of the registrar. Opera have already got such a list, and we should probably take our cue from what they do. In the long term, hopefully nameprep will get modified to disallow such characters, and/or a consensus will emerge as to a global set. But we need the infrastructure and a limited set of the most nasty characters in place now. Ideally, if a banned character was found then punycode would be displayed for that label, although rejecting the URL altogether is also an option if that's not possible.
Should this really be a confidential bug? The problem and approach are both public.
Probably not. Gerv
*** This bug has been marked as a duplicate of 301694 ***
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.