summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMustafa Emre Acer <meacer@chromium.org>2019-05-18 00:47:57 +0000
committerJüri Valdmann <juri.valdmann@qt.io>2019-08-09 13:46:06 +0000
commit65c74dd3316c12a4457a6fd202f9b4437186898c (patch)
treeb231faed1da291a28da52a0f61de04c30c80f1d3
parentea463a17641ac8052183d84841170ff6fa7d795c (diff)
[Backport] Security bug 964002v5.13.1
IDN Spoofs: Prevent Latin letter Kra from being decoded to unicode This CL adds U+0138 to the list of blocked characters. As a result, any domain with this character will always be displayed as punycode. Bug: 964002 Change-Id: Iac63cb94bde9d8d668094c12b5042d55e8e44162 Commit-Queue: Mustafa Emre Acer <meacer@chromium.org> Reviewed-by: Tommy Li <tommycli@chromium.org> Cr-Commit-Position: refs/heads/master@{#661125} Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/components/url_formatter/idn_spoof_checker.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/chromium/components/url_formatter/idn_spoof_checker.cc b/chromium/components/url_formatter/idn_spoof_checker.cc
index dcbc2d49cba..56627da7599 100644
--- a/chromium/components/url_formatter/idn_spoof_checker.cc
+++ b/chromium/components/url_formatter/idn_spoof_checker.cc
@@ -490,6 +490,9 @@ void IDNSpoofChecker::SetAllowedUnicodeSet(UErrorCode* status) {
// Block modifier letter voicing.
allowed_set.remove(0x2ecu);
+ // Block historic character Latin Kra (also blocked by Mozilla).
+ allowed_set.remove(0x0138);
+
// No need to block U+144A (Canadian Syllabics West-Cree P) separately
// because it's blocked from mixing with other scripts including Latin.