[Webkit-unassigned] [Bug 174816] [GTK][WPE] Need a "pretty" URI property

Wed Nov 8 04:25:38 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=174816

Gabriel Ivașcu <givascu at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |givascu at igalia.com

--- Comment #8 from Gabriel Ivașcu <givascu at igalia.com> ---
(In reply to Michael Catanzaro from comment #0)
> If we add this property, we would need to include a defense against IDN
> homograph attacks. Epiphany does not currently have such a defense. So some
> research on IDN homograph defenses will be needed. I like the Firefox
> approach better than Chrome's approach. (Chrome completely bans characters
> that look like Latin characters, essentially banning Cyrillic URIs entirely.
> I'd rather have lower security than harm Cyrillic users like that.)

I did a bit research and if you wish to follow Mozilla's way, I think there are two approaches for this problem:

(1) Allow strings containing characters from the same language script only, e.g. all chars are Greek, all chars are Cyrillic, etc. This is easier to implement, but is more restrictive since it "blocks" non-Latin domains with characters from multiple scripts.

(2) Allow strings containing characters from the same language script and characters from some allowed combinations of scripts. This is what Mozilla does actually (https://wiki.mozilla.org/IDN_Display_Algorithm#Algorithm). It's more permissive than (1), but a bit harder to implement.

I'm willing to work on either (1) or (2). We can implement it in Epiphany first, and then move it to WebKit along with the code in ephy_uri_decode().

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171108/c93b52ef/attachment-0001.html>