IDN display: top domain check is partly broken in M64 branch |
||||||||
Issue description
* How to reproduce
Copy'n'paste "wikipédia.org" to the omnibox
* Expected.
It's shown in punycode ( xn--wikipdia-f1a.org ).
* Actual
It's displayed 'wikipédia.org'.
Additional Information:
* Analysis
While updating ICU to 60, I didn't update the skeleton list for top 10k domains.
One letter ('w') has different skeletons in ICU 59 and ICU 60. w used to have 'vv' as a skeleton in ICU 59, but now its skeleton is itself (w).
Because the skeleton file is pre-calculated and its binary form is bundled with Chrome.
The bundled binary skeleton is obtained with ICU 59, while the run-time skeleton calculation for *incoming* domains is done with ICU 60.
As a result, spoofing attempts targeting a top 10k domain with 'w' in its domain name cannot be detected. (e.g. wikipédia.org would be shown as it is instead of in punycode).
This regressed in 64.x branch (ICU 60 updated was done in early November).
In ToT, it's already fixed by
https://chromium-review.googlesource.com/c/chromium/src/+/802765 .
(it missed a branch train by less than a day), but I'm filing this bug to faciliate a merge request to M64 branch.
Once canary has this fix. I'll ask for merge approval.
Original bugs: bug 703750 , bug 714628
,
Dec 3 2017
,
Dec 4 2017
Issue 791356 has been merged into this issue.
,
Dec 4 2017
,
Dec 4 2017
Verified the fix in 65.0.3284.0 canary build. Asking for merge to 64 branch (the train of which I missed). It's regressed only in 64 branch.
,
Dec 4 2017
Branch is 3282
,
Dec 11 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 11 2017
jshin@, reminder to please merge fix to 3282 branch soon.
,
Dec 12 2017
I'll Sorry for missing the approval and thank you for the approval.
,
Dec 12 2017
,
Dec 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ef5c8da3bcd333db3068b1e1f386bf8738a4268b commit ef5c8da3bcd333db3068b1e1f386bf8738a4268b Author: Jungshik Shin <jshin@chromium.org> Date: Tue Dec 12 07:30:16 2017 [M64 branch] Update top domain skeletons for ICU 60 In ICU 60, the skeleton of 'w' is not 'vv' any more. It's just 'w'. The top domain gperf file was regenerated with ICU 60. TBR=cmasso@chromium.org Bug: 766816 , 791336 Test: components_unittests --gtest_filter=*IDN* Change-Id: Ifde69a696f8b3062803745f8a9ad242ca4915549 Reviewed-on: https://chromium-review.googlesource.com/802765 Commit-Queue: Jungshik Shin <jshin@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#521148}(cherry picked from commit dc3b79aa88f9b77b7dc55c47e77b8f656598c45b) Reviewed-on: https://chromium-review.googlesource.com/822051 Reviewed-by: Jungshik Shin <jshin@chromium.org> Cr-Commit-Position: refs/branch-heads/3282@{#168} Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840} [modify] https://crrev.com/ef5c8da3bcd333db3068b1e1f386bf8738a4268b/components/url_formatter/top_domains/alexa_skeletons.gperf [modify] https://crrev.com/ef5c8da3bcd333db3068b1e1f386bf8738a4268b/components/url_formatter/url_formatter_unittest.cc
,
Mar 11 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by js...@chromium.org
, Dec 3 2017