Closed Bug 315666 Opened 19 years ago Closed 19 years ago

the escaped IDN is not working

Categories

(Core :: Networking, defect, P1)

defect

Tracking

()

RESOLVED DUPLICATE of bug 309671
mozilla1.9alpha1

People

(Reporter: masayuki, Assigned: masayuki)

Details

(Keywords: intl)

Attachments

(2 files, 1 obsolete file)

In HTML or XHTML specs, if the value of URI contains non-ASCII character, it should be escaped by UTF-8 encoding. But if we write so, Mozilla don't treat as IDN the URI.
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Status: NEW → ASSIGNED
This is something we plan to support for Gecko 1.9.  It's not something that will make the Gecko 1.8 (Firefox 1.5) release.
Target Milestone: --- → mozilla1.9alpha
Attached patch Patch rv1.0 (obsolete) — Splinter Review
Attachment #202351 - Flags: superreview?(darin)
Attachment #202351 - Flags: review?(darin)
Severity: normal → major
This patch works only escaped by UTF-8.
I think that if we use mOriginCharset, it is not secure.
See the comment that is in the patch.
(In reply to comment #2)
> This is something we plan to support for Gecko 1.9.  It's not something that
> will make the Gecko 1.8 (Firefox 1.5) release.
> 

Darin, Cannot this go to 1.8.1? This is HTML/XHTML bug too.
Flags: blocking1.8.1?
Attachment #202351 - Flags: superreview?(darin)
Attachment #202351 - Flags: review?(darin)
Attached patch Patch rv1.1Splinter Review
comments are rewritten.
Attachment #202351 - Attachment is obsolete: true
Attachment #202354 - Flags: superreview?(darin)
Attachment #202354 - Flags: review?(darin)
NOTE for Web Developers:

If you want to write valid IDN URI values in HTML/XHTML documents, please use punycode for host name. This is only way for valid HTML/XHTML documents. Of course, for IDN-less UA, this way is recommended.
Isn't this bug a duplicate of bug 309671?
this does look like a duplicate
Yes, it is a dup. The patch on bug 309671 does this too but also catches phishing attempts hidden in the escaped host ... only allowing escaped hosts is pretty dangerous. 

How about a superreview for the patches on bug 309671 darin?
Btw: The first two URLs from the testcase work well with the patches from bug 309671.
Attachment #202354 - Flags: superreview?(darin)
Attachment #202354 - Flags: review?(darin)

*** This bug has been marked as a duplicate of 309671 ***
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Flags: blocking1.8.1?
Flags: blocking1.8.1+
Flags: blocking1.8.1+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: