diff options
author | Mustafa Emre Acer <meacer@chromium.org> | 2019-05-18 00:47:57 +0000 |
---|---|---|
committer | Jüri Valdmann <juri.valdmann@qt.io> | 2019-08-09 13:46:06 +0000 |
commit | 65c74dd3316c12a4457a6fd202f9b4437186898c (patch) | |
tree | b231faed1da291a28da52a0f61de04c30c80f1d3 | |
parent | ea463a17641ac8052183d84841170ff6fa7d795c (diff) |
[Backport] Security bug 964002v5.13.1
IDN Spoofs: Prevent Latin letter Kra from being decoded to unicode
This CL adds U+0138 to the list of blocked characters. As a result, any domain
with this character will always be displayed as punycode.
Bug: 964002
Change-Id: Iac63cb94bde9d8d668094c12b5042d55e8e44162
Commit-Queue: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Tommy Li <tommycli@chromium.org>
Cr-Commit-Position: refs/heads/master@{#661125}
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/components/url_formatter/idn_spoof_checker.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc index dcbc2d49cba..56627da7599 100644 --- a/chromium/components/url_formatter/idn_spoof_checker.cc +++ b/chromium/components/url_formatter/idn_spoof_checker.cc @@ -490,6 +490,9 @@ void IDNSpoofChecker::SetAllowedUnicodeSet(UErrorCode* status) { // Block modifier letter voicing. allowed_set.remove(0x2ecu); + // Block historic character Latin Kra (also blocked by Mozilla). + allowed_set.remove(0x0138); + // No need to block U+144A (Canadian Syllabics West-Cree P) separately // because it's blocked from mixing with other scripts including Latin. |