Firefox don't accept the ".net TLD"

RESOLVED INVALID

Status

()

Firefox
General
RESOLVED INVALID
9 years ago
6 years ago

People

(Reporter: Bjørn Norén, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
User-Agent:       Opera/9.62 (Windows NT 5.1; U; nb) Presto/2.1.1
Build Identifier: Version3.04 (At today 30.november 2008 the latest version)

If you try to lauch my personal site:  "http://www.norén.net" Firefox displays "http://www.xn--norn-dpa.net/" in the adress field. IE or Opera or Safari displays the URL correct. I suspect this has to do with my peculiar "é" in the name. 

Reproducible: Always

Steps to Reproduce:
1. http://www.norén.net 
2.
3.
Actual Results:  
http://www.xn--norn-dpa.net/

Expected Results:  
http://www.norén.net 

works fine in other browsers like IE, Opera, Safari

Comment 1

9 years ago
http://en.wikipedia.org/wiki/Punycode
http://www.mozilla.org/projects/security/tld-idn-policy-list.html

This is done to prevent spoofing. i.e. to make sure it's quite clear that you're not at www.noren.net.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID

Comment 2

9 years ago
No, it's because the .net TLD is not safe from a so-called IDN homograph attack
(see <http://en.wikipedia.org/wiki/IDN_homograph_attack> for a full
explanantion).

Firefox has a built-in whitelist of TLD's that are safe, which . .net isn't
safe, but .no is (see <http://www.norén.no/> for instance). new TLDs are
regular added to the whitelist, when they have defined a good policy. But
existing domains in .com or .net are a real problem.

<http://www.mozilla.org/projects/security/tld-idn-policy-list.html> explains
more, and shows a workaround.

It seems that Firefox is much strict (insisting on the whitelist), Opera seems
to allow at least Latin-1 characters even if the TLD is not safe. That would
work for you, but not for someone registering an Cyrillic or Chinese domain
name. I can't find a bug in the dependency tree of bug 237820 that would fix
this.

Updated

6 years ago
Duplicate of this bug: 751565
You need to log in before you can comment on or make changes to this bug.