Bug 1800628 - Fix more IDN spoofing cases (U+00FE, U+00F0 outside .is and .fo) r=necko-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D204103
Valentin Gosu 2024-03-12 14:22:41 +00:00
parent 1d86a17240
commit 3d76fa7d1e
2 changed files with 10 additions and 3 deletions


@ -751,6 +751,13 @@ bool nsIDNService::isLabelSafe(const nsAString& label, const nsAString& tld) {
return false;
}
// Disallow Icelandic confusables for domains outside Icelandic and Faroese
// ccTLD (.is, .fo)
if ((ch == 0xFE || ch == 0xF0) && !tld.EqualsLiteral("is") &&
!tld.EqualsLiteral("fo")) {
return false;
}
// Check for mixed numbering systems
auto genCat = GetGeneralCategory(ch);
if (genCat == HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) {
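Review bot: The bare literals `0xFE` and `0xF0` in the new condition are not identified, and the comment above them says only "Icelandic confusables", so a reader has to consult the test file to learn they are U+00FE (þ) and U+00F0 (ð). I would extend the comment to `// U+00FE (þ) and U+00F0 (ð) can pass for ASCII letters in a Latin label, so they are displayed only under .is and .fo, where they are in ordinary use.` `EqualsLiteral` is an exact comparison, so the exemption relies on `tld` arriving lowercased. A differently-cased TLD would fall through to `return false`, which is the safe direction, but that normalization happens at the caller and is not visible here. isLabelSafe's body begins and ends outside the hunk.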


@ -416,7 +416,7 @@ let testCases = [
// þħĸŧƅ.com
["xn--vda6f3b2kpf.com", "\u00fe\u0127\u0138\u0167\u0185.com", kUnsafe],
// þhktb.com
["xn--hktb-9ra.com", "\u00fehktb.com", kUnsafe, "DISABLED"],
["xn--hktb-9ra.com", "\u00fehktb.com", kUnsafe],
// pħktb.com
["xn--pktb-5xa.com", "p\u0127ktb.com", kUnsafe, "DISABLED"],
// phĸtb.com
@ -876,8 +876,8 @@ let testCases = [
["xn--ceba.com", "\u05d7\u05d7.com", kUnsafe, "DISABLED"],
// U+00FE (þ) and U+00F0 (ð) are only allowed under the .is TLD.
["xn--acdef-wva.com", "a\u00fecdef.com", kUnsafe, "DISABLED"],
["xn--mnpqr-jta.com", "mn\u00f0pqr.com", kUnsafe, "DISABLED"],
["xn--acdef-wva.com", "a\u00fecdef.com", kUnsafe],
["xn--mnpqr-jta.com", "mn\u00f0pqr.com", kUnsafe],
["xn--acdef-wva.is", "a\u00fecdef.is", kSafe],
["xn--mnpqr-jta.is", "mn\u00f0pqr.is", kSafe],
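Review bot: The `.fo` half of the new exemption has no test coverage, and the comment above these cases still says the characters are "only allowed under the .is TLD", although the C++ check in this commit also exempts `.fo`. A later edit that dropped or mistyped the `"fo"` comparison would therefore not fail any case here. I would change the comment to `// U+00FE (þ) and U+00F0 (ð) are only allowed under the .is and .fo TLDs.` and add `["xn--acdef-wva.fo", "a\u00fecdef.fo", kSafe],` and `["xn--mnpqr-jta.fo", "mn\u00f0pqr.fo", kSafe],` beside the `.is` cases. The `kSafe` expectation assumes `.fo` is otherwise treated like `.is` by the rest of the harness, which should be confirmed when running the test.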