[Webkit-unassigned] [Bug 16559] New: should unescape hostname first, then perform IDNA

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 21 10:43:25 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=16559

           Summary: should unescape hostname first, then perform IDNA
           Product: WebKit
           Version: 523.x (Safari 3)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: erik at vanderpoel.org


Found another issue in Safari 3, where the unescaping and
punycoding are done in the wrong order. Here's an example:

<a href="http://&#x5341;%2ecom/">link</a>

When you click on that link, Safari ends up sending the following
(wrong) domain name to DNS: xn--.com-9b5j

This is because Safari is first running the host name through IDNA to
get Punycode and *then* unescaping the %2e to get the dot. It should
first unescape the %2e to get the dot, and then separate the host name
into labels, and then run IDNA on the 1st label only, since it is
non-ASCII. The result should be xn--kkr.com. Both MSIE 7 and Opera 9
get this right, but Firefox gets it wrong, in a different way.

This bug may be more serious than the following, since it affects how
a hostname is divided into labels at each dot.

http://bugs.webkit.org/show_bug.cgi?id=13167

I suspect that both of these bugs would be fixed by a single check-in.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


More information about the webkit-unassigned mailing list