467252 - Firefox don't accept the ".net TLD"

Status: RESOLVED INVALID

(Firefox :: General, defect)

Description

[Bjørn Norén]

User-Agent:       Opera/9.62 (Windows NT 5.1; U; nb) Presto/2.1.1
Build Identifier: Version3.04 (At today 30.november 2008 the latest version)

If you try to lauch my personal site:  "http://www.norén.net" Firefox displays "http://www.xn--norn-dpa.net/" in the adress field. IE or Opera or Safari displays the URL correct. I suspect this has to do with my peculiar "é" in the name. 

Reproducible: Always

Steps to Reproduce:
1. http://www.norén.net 
2.
3.
Actual Results:  
http://www.xn--norn-dpa.net/

Expected Results:  
http://www.norén.net 

works fine in other browsers like IE, Opera, Safari

Comment 1

[Dave Garrett]

http://en.wikipedia.org/wiki/Punycode
http://www.mozilla.org/projects/security/tld-idn-policy-list.html

This is done to prevent spoofing. i.e. to make sure it's quite clear that you're not at www.noren.net.

Comment 2

[Jo Hermans]

No, it's because the .net TLD is not safe from a so-called IDN homograph attack
(see <http://en.wikipedia.org/wiki/IDN_homograph_attack> for a full
explanantion).

Firefox has a built-in whitelist of TLD's that are safe, which . .net isn't
safe, but .no is (see <http://www.norén.no/> for instance). new TLDs are
regular added to the whitelist, when they have defined a good policy. But
existing domains in .com or .net are a real problem.

<http://www.mozilla.org/projects/security/tld-idn-policy-list.html> explains
more, and shows a workaround.

It seems that Firefox is much strict (insisting on the whitelist), Opera seems
to allow at least Latin-1 characters even if the TLD is not safe. That would
work for you, but not for someone registering an Cyrillic or Chinese domain
name. I can't find a bug in the dependency tree of bug 237820 that would fix
this.

Comment 3

[Dave Garrett]

bug 446285