IDN mailto URLs display in UTF8 instead of ASCII
Reported by dmitry.l...@gmail.com, Dec 8 2016
Issue description

VULNERABILITY DETAILS
Chrome previews IDN (Internationalized Domain Names) emails in UTF8 instead of punycode. If the user moves the cursor over an IDN site URL, then at the bottom left we see the punycode address translation. If the user moves the cursor over an IDN email address, then we see a UTF8 string, which does not differ from the IDN and may confuse the user.

VERSION
Chrome Version: 54.0.2840.99 m (64-bit) stable
Operating System: Windows 10 Home, v. 1607

REPRODUCTION CASE
Create the following page and open it in Chrome:

    <html>
    <head>
    </head>
    <body>
    <h1> Fake site </h1>
    <br>
    Fake Vimeo Email: <a href="mailto:test@ᴠimeo.com">test@ᴠimeo.com</a>
    Fake Vimeo Site: <a href="http://ᴠimeo.com">http://ᴠimeo.com</a>
    </body></html>

In this example I used the IDN ᴠimeo.com - I successfully registered it and tested it for receiving email, so it is not a theoretical threat. The user will not see the difference between the original vimeo.com and the fake ᴠimeo.com.

PS I think this problem may affect not only the Windows version.
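The following is an added example, not part of the original report and not Chromium code: a sketch of how a page or mail client could render the domain of a `mailto:` link in ASCII (punycode) form, the way the status bar already does for `http:` links. The function names `domainToAscii` and `describeMailto` are hypothetical; the sample address is the one from the reproduction case, and host conversion relies on the WHATWG `URL` parser.

```javascript
// Added example. Converts the domain part of each mailto: recipient to its
// ASCII (punycode) form so a lookalike IDN is visible to the user.

// Run a bare domain through the same host processing used for http: URLs.
// Returns null if the parser rejects it as a host.
function domainToAscii(domain) {
  try {
    return new URL("http://" + domain).hostname;
  } catch (e) {
    return null;
  }
}

// Parse a mailto: href and describe every recipient.
// display: local part + "@" + ASCII domain, or null if the address is malformed.
// idn:     true when any label of the ASCII domain is punycode ("xn--").
function describeMailto(href) {
  const m = /^mailto:([^?]*)/i.exec(href.trim());
  if (!m) throw new TypeError("not a mailto: URL");
  return m[1].split(",").filter(Boolean).map((raw) => {
    const address = decodeURIComponent(raw);
    const at = address.lastIndexOf("@");
    const local = address.slice(0, at);
    const domain = address.slice(at + 1);
    // Reject characters that would make the URL parser read past the host.
    const malformed = at < 1 || domain === "" || /[\/\\?#:\s]/.test(domain);
    const ascii = malformed ? null : domainToAscii(domain);
    return {
      address,
      display: ascii === null ? null : local + "@" + ascii,
      idn: ascii !== null && ascii.split(".").some((l) => l.startsWith("xn--")),
    };
  });
}

// Sample input taken from the reproduction case: the first letter of the
// domain is U+1D20 (LATIN LETTER SMALL CAPITAL V), not ASCII "v".
const SAMPLE_LOOKALIKE = "mailto:test@\u1D20imeo.com";
const SAMPLE_PLAIN = "mailto:test@vimeo.com?subject=hello";

for (const href of [SAMPLE_LOOKALIKE, SAMPLE_PLAIN]) {
  for (const r of describeMailto(href)) {
    console.log(r.idn ? "IDN  " : "ASCII", r.address, "->", r.display);
  }
}
```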
Aug 21
Archiving old bugs that haven't been actively assigned in over a year. If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!
Comment 1 by elawrence@chromium.org, Dec 9 2016
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: Untriaged (was: Unconfirmed)
Summary: IDN mailto URLs display in UTF8 instead of ASCII (was: Security: IDN emails are not previewed in punycode format)