Closed Bug 315666 Opened 18 years ago Closed 18 years ago
the escaped IDN is not working
In HTML or XHTML specs, if the value of URI contains non-ASCII character, it should be escaped by UTF-8 encoding. But if we write so, Mozilla don't treat as IDN the URI.
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Status: NEW → ASSIGNED
This is something we plan to support for Gecko 1.9. It's not something that will make the Gecko 1.8 (Firefox 1.5) release.
Target Milestone: --- → mozilla1.9alpha
Severity: normal → major
This patch works only escaped by UTF-8. I think that if we use mOriginCharset, it is not secure. See the comment that is in the patch.
(In reply to comment #2) > This is something we plan to support for Gecko 1.9. It's not something that > will make the Gecko 1.8 (Firefox 1.5) release. > Darin, Cannot this go to 1.8.1? This is HTML/XHTML bug too.
comments are rewritten.
NOTE for Web Developers: If you want to write valid IDN URI values in HTML/XHTML documents, please use punycode for host name. This is only way for valid HTML/XHTML documents. Of course, for IDN-less UA, this way is recommended.
Isn't this bug a duplicate of bug 309671?
this does look like a duplicate
Yes, it is a dup. The patch on bug 309671 does this too but also catches phishing attempts hidden in the escaped host ... only allowing escaped hosts is pretty dangerous. How about a superreview for the patches on bug 309671 darin?
Btw: The first two URLs from the testcase work well with the patches from bug 309671.
*** This bug has been marked as a duplicate of 309671 ***
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.