Issue metadata
Sign in to add a comment
|
IDN URL Spoofing
Reported by
rayyan...@gmail.com,
Aug 16 2017
|
||||||||||||||||||||||||
Issue descriptionThe chrome shows the following website in punnycode only if the TLD is .com gmaīl.co ( http://xn--gmal-sya.co/ ) Latin: U+012B ---------------------------------------- However, it shows the following web in punnycode whatever the TLD is, therefore, maybe something is wrong here. gmaῑl.co ( http://xn--gmal-nz6a.co/ ) Greek: U+1FD1
,
Aug 17 2017
,
Aug 17 2017
,
Aug 18 2017
,
Aug 21 2017
Nothing is wrong. It's working as intende. The second one is blocked because it's mixing Latin and Greek. The first one is blocked because it looks similar to one of top 10k domains (google.com).
,
Aug 21 2017
correction: > The first one is blocked because it looks similar to one of top 10k domains (google.com). The first one is NOT blocked because its skeleton (similarity skeleton) does not match one of top 10k domains. gmail.com is in the list but gmail.co is not.
,
Nov 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 19
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Aug 16 2017Owner: js...@chromium.org
Status: Untriaged (was: Unconfirmed)
Summary: IDN URL Spoofing (was: URL Spoofing)