Closed
Bug 467252
Opened 16 years ago
Closed 16 years ago
Firefox don't accept the ".net TLD"
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: bjnore, Unassigned)
References
Details
User-Agent: Opera/9.62 (Windows NT 5.1; U; nb) Presto/2.1.1 Build Identifier: Version3.04 (At today 30.november 2008 the latest version) If you try to lauch my personal site: "http://www.norén.net" Firefox displays "http://www.xn--norn-dpa.net/" in the adress field. IE or Opera or Safari displays the URL correct. I suspect this has to do with my peculiar "é" in the name. Reproducible: Always Steps to Reproduce: 1. http://www.norén.net 2. 3. Actual Results: http://www.xn--norn-dpa.net/ Expected Results: http://www.norén.net works fine in other browsers like IE, Opera, Safari
Comment 1•16 years ago
|
||
http://en.wikipedia.org/wiki/Punycode http://www.mozilla.org/projects/security/tld-idn-policy-list.html This is done to prevent spoofing. i.e. to make sure it's quite clear that you're not at www.noren.net.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Comment 2•16 years ago
|
||
No, it's because the .net TLD is not safe from a so-called IDN homograph attack (see <http://en.wikipedia.org/wiki/IDN_homograph_attack> for a full explanantion). Firefox has a built-in whitelist of TLD's that are safe, which . .net isn't safe, but .no is (see <http://www.norén.no/> for instance). new TLDs are regular added to the whitelist, when they have defined a good policy. But existing domains in .com or .net are a real problem. <http://www.mozilla.org/projects/security/tld-idn-policy-list.html> explains more, and shows a workaround. It seems that Firefox is much strict (insisting on the whitelist), Opera seems to allow at least Latin-1 characters even if the TLD is not safe. That would work for you, but not for someone registering an Cyrillic or Chinese domain name. I can't find a bug in the dependency tree of bug 237820 that would fix this.
Comment 3•16 years ago
|
||
bug 446285
You need to log in
before you can comment on or make changes to this bug.
Description
•