Closed Bug 842282 Opened 12 years ago Closed 12 years ago

Remove network.enableIDN pref


(Core :: Networking: DNS, defect)

Not set





(Reporter: gerv, Assigned: smontagu)




(1 file)

dveditz writes:

"If you set "network.enableIDN" to false then non-ascii URLs will simply fail to load, disenfranchising many legitimate sites around the world."

I don't see that this pref has a legitimate use, given the existence of the "network.IDN_show_punycode" pref, which means that the URLs still load but show punycode. Switching it breaks a large chunk of the web. We should remove network.enableIDN entirely.

Attached patch PatchSplinter Review
Attachment #715167 - Flags: review?(honzab.moz)
Attachment #715167 - Flags: review?(honzab.moz) → review+
I believe this is a very useful setting, which we should maintain.
3ric: can you explain why anyone would want to use this setting rather than network.IDN_show_punycode ?

As a reminder:

network.IDN_show_punycode displays all IDNs as punycode (to most people, a random jumble of Arabic numerals and Latin letters)

network.disableIDN breaks big chunks of the web by not allowing users to connect to any site with an IDN domain.

Unless you think _all_ IDN domains are suspicious and that the entire world should just keep using domain names in ASCII, then surely it's not a good idea to set the latter pref?

If you do think that, then imagine how you would feel if the Chinese had invented the Internet and, up to now, all domain names had been in Chinese characters...

We've had a hard time with IDN related settings which function properly.  While I agree this is a large switch disables the whole hot mess, it may be the only option when faced with vulnerabilities and active ongoing attacks. 

For example, does show_punycode really show the punycode in every dialog box and screen? (eg the ssl cert details? on every platform, language settings, etc?)
(In reply to 3ric Johanson from comment #4)
> For example, does show_punycode really show the punycode in every dialog box
> and screen? (eg the ssl cert details? on every platform, language settings,
> etc?)

smontagu: is that the desired behaviour of this pref, or does it cover only the URL bar?

If this is the desired behaviour, then any exception is a bug - so if you find somewhere like that, please do file one and we can look at it.

Yes, definitely that's the desired behaviour, and any exception is a bug.
Great. So 3ric - if you find any point in the Firefox UI where you still see the Unicode presentation of an IDN when the show_punycode pref is set to true, then please file a bug and make sure both I and smontagu are CCed on it. We will look at it with alacrity. Thank you :-)

ok, I looked at this for a bit: 

 - DisableIDN in fact doesn't. heh.  It disables some internal resolution of unicode to an accessible server, but it still shows unicode in the address bar. 

 - show_punycode seems to perform as I would expect, but I can't find a functional ssl site anywhere to test that on.  The cert I had expired years ago.
Assignee: nobody → smontagu
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla22
Depends on: 892370
You need to log in before you can comment on or make changes to this bug.