Add a pref to disable the IDN whitelist. Bug 722299, r=honza.b

modules/libpref/src/init/all.js

@@ -1050,9 +1050,10 @@ pref("network.enableIDN", true);
 // generate them from punycode.
 pref("network.IDN_show_punycode", false);
 
-// TLDs with "network.IDN.whitelist.tld" explicitly set to true are treated as 
+// If "network.IDN.use_whitelist" is set to true, TLDs with
+// "network.IDN.whitelist.tld" explicitly set to true are treated as
 // IDN-safe. Otherwise, they're treated as unsafe and punycode will be used
-// for displaying them in the UI (e.g. URL bar), unless they conform to one of 
+// for displaying them in the UI (e.g. URL bar), unless they conform to one of
 // the profiles specified in
 // http://www.unicode.org/reports/tr36/proposed.html#Security_Levels_and_Alerts
 // If "network.IDN.restriction_profile" is "high", the Highly Restrictive
@@ -1064,6 +1065,7 @@ pref("network.IDN_show_punycode", false);
 // "network.IDN_show_punycode" is false. In other words, all IDNs will be shown
 // in punycode if "network.IDN_show_punycode" is true.
 pref("network.IDN.restriction_profile", "moderate");
+pref("network.IDN.use_whitelist", true);
 
 // ccTLDs
 pref("network.IDN.whitelist.ac", true);

netwerk/dns/nsIDNService.cpp

@@ -31,6 +31,7 @@ static const uint32_t kMaxDNSNodeLen = 63;
 #define NS_NET_PREF_IDNBLACKLIST    "network.IDN.blacklist_chars"
 #define NS_NET_PREF_SHOWPUNYCODE    "network.IDN_show_punycode"
 #define NS_NET_PREF_IDNWHITELIST    "network.IDN.whitelist."
+#define NS_NET_PREF_IDNUSEWHITELIST "network.IDN.use_whitelist"
 #define NS_NET_PREF_IDNRESTRICTION  "network.IDN.restriction_profile"
 
 inline bool isOnlySafeChars(const nsAFlatString& in,
@@ -63,6 +64,7 @@ nsresult nsIDNService::Init()
     prefInternal->AddObserver(NS_NET_PREF_IDNBLACKLIST, this, true);
     prefInternal->AddObserver(NS_NET_PREF_SHOWPUNYCODE, this, true);
     prefInternal->AddObserver(NS_NET_PREF_IDNRESTRICTION, this, true);
+    prefInternal->AddObserver(NS_NET_PREF_IDNUSEWHITELIST, this, true);
     prefsChanged(prefInternal, nullptr);
   }
 
@@ -109,6 +111,12 @@ void nsIDNService::prefsChanged(nsIPrefBranch *prefBranch, const PRUnichar *pref
     if (NS_SUCCEEDED(prefBranch->GetBoolPref(NS_NET_PREF_SHOWPUNYCODE, &val)))
       mShowPunycode = val;
   }
+  if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNUSEWHITELIST).Equals(pref)) {
+    bool val;
+    if (NS_SUCCEEDED(prefBranch->GetBoolPref(NS_NET_PREF_IDNUSEWHITELIST,
+                                             &val)))
+      mIDNUseWhitelist = val;
+  }
   if (!pref || NS_LITERAL_STRING(NS_NET_PREF_IDNRESTRICTION).Equals(pref)) {
     nsXPIDLCString profile;
     if (NS_FAILED(prefBranch->GetCharPref(NS_NET_PREF_IDNRESTRICTION,
@@ -705,7 +713,7 @@ nsresult nsIDNService::decodeACE(const nsACString& in, nsACString& out,
 
 bool nsIDNService::isInWhitelist(const nsACString &host)
 {
-  if (mIDNWhitelistPrefBranch) {
+  if (mIDNUseWhitelist && mIDNWhitelistPrefBranch) {
     nsAutoCString tld(host);
     // make sure the host is ACE for lookup and check that there are no
     // unassigned codepoints

netwerk/dns/nsIDNService.h

@@ -69,6 +69,7 @@ private:
   };
   restrictionProfile mRestrictionProfile;
   nsCOMPtr<nsIPrefBranch> mIDNWhitelistPrefBranch;
+  bool mIDNUseWhitelist;
 };
 
 #endif  // nsIDNService_h__