Closed Bug 542562 Opened 11 years ago Closed 11 years ago
international IDN domains (com, net,.. etc
.) do not encode/decode the URL
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729) IDN domains of following international domains are not encoded by firefox but by other browsers (IE8, Opera 10): COM, NET, ORG, EU Following IDN Domains work fine: BIZ, DE, AT, CH Problem is reproduceable everytime for the international domains: COM, NET, ORG, EU (maybe for more than this); other tested browsers (IE8, Opera10) do show the expected URL Reproducible: Always Steps to Reproduce: 1.Enter http://küssaburg.com 2.showing result: http://xn--kssaburg-65a.com/ 3. Actual Results: Problem is reproduceable everytime for the international domains: COM, NET, ORG, EU (maybe for more than this) Expected Results: expected URL: http://küssaburg.com
That's because .com and .net are not in the approved list of TLD's that can display IDN URL's (.org is fine actually). See <http://www.mozilla.org/projects/security/tld-idn-policy-list.html>, which also has a workaround. Mozilla does this to protect against certain security problems (see <http://en.wikipedia.org/wiki/IDN_homograph_attack>). Work is being done to improve this, see for instance bug 354592.
This needs to be fixed ASAP. It is a major PITA for non-English users.
I have written a add-on to hopefully help with this issue. IDN Navbar https://addons.mozilla.org/en-US/firefox/addon/109224 The IDN (International Domain Name) Navbar add-on provides address bar support for all IDN's, including '.com', '.net' and '.eu'. An 'IDN' address bar icon will be visible when this add-on has decoded a Punycode URL to it's IDN. Hopefully this will be of use to you until the IDN issues are resolved in Firefox 'core'. The add-on is still marked as 'experimental' because it's new and has not been reviewed yet, it should not crash your browser or cause any detrimental effects though.
this is as designed. these domains aren't supposed to be using idn yet (if ever) ... especially for security reasons. giving the bug to Gerv who probably has the last say. Do not reopen. To AMO admins: I respectfully request that an addon which defeats our security precautions be red flagged at the very least.
Assignee: nobody → gerv
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Component: General → Location Bar
QA Contact: general → location.bar
Resolution: --- → INVALID
Yes, definitely INVALID. Any registry can apply at any time for inclusion, as the above-linked document says, and the requirements are not IMO onerous. Just "prevent spoofing, we don't mind how you do it". Any registry which can't sign up to that is not one we want to allow IDN for. If you don't like this policy, write to your registry, point them at this URL: http://www.mozilla.org/projects/security/tld-idn-policy-list.html and encourage them to apply. Gerv
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.