Issue metadata
Sign in to add a comment
|
xn--e1auc7f.com renders as a string resembling "espn.com" in the address bar
Reported by
markbemb...@gmail.com,
Jan 31 2017
|
||||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36 Steps to reproduce the problem: 1. Enter http://xn--e1auc7f.net (or .com, etc.) in the address bar. 2. Be amazed as the URL in the address bar now resembles "espn.net" or "espn.com". 3. Refrain from registering your own "xn--e1auc7f" domain and starting a fake news site. What is the expected behavior? The address bar should show "xn--e1auc7f.net" or the domain should be otherwise marked as potentially malicious. The ".com" version is currently hosting fake news: http://xn--e1auc7f.com/mma/conor-mcgregor-denies-ped-accusations/?adid=174719919481&sxid=1e8vnzsnjf14&tid=6f503241494d556935794c41305746586856786b7858736b49332f4230596d62 What went wrong? The domain renders as еѕрп.net (that's *not* an "n" before the dot) in the address bar instead of xn--e1auc7f.net, creating a large probability of confusion. Did this work before? N/A Chrome version: 56.0.2924.76 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 24.0 r0
,
Feb 1 2017
Duplicated. Thanks for reporting this bug. We are aware of this issue in bug 683314 .
,
May 10 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 19
|
|||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jan 31 2017Components: UI>Browser>Omnibox UI>Security>UrlFormatting