You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A domain name containing non-ASCII characters will not resolve properly. According to RFC5890 domain names can contain any character in the Unicode charset. snudown incorrectly escapes these characters when used in a domain name which the DNS servers then cannot resolve. For instance, if I type http://domaintest.みんな/ (note: This is an issue in Github too) it is parsed into http://domaintest.%E3%81%BF%E3%82%93%E3%81%AA/. The valid link should either be punycode encoded such as http://domaintest.xn--q9jyb4c/, or not changed at all. The second option is not ideal as it potentially leaves open the door for XSS hacks (repeating the Great Reddipocalypse of October 28th, 2009).
Example here
This bug will not show up in Chrome as Chrome automatically translates hex encoded Unicode in domain names to punycode.
The text was updated successfully, but these errors were encountered:
A domain name containing non-ASCII characters will not resolve properly. According to RFC5890 domain names can contain any character in the Unicode charset. snudown incorrectly escapes these characters when used in a domain name which the DNS servers then cannot resolve. For instance, if I type http://domaintest.みんな/ (note: This is an issue in Github too) it is parsed into http://domaintest.%E3%81%BF%E3%82%93%E3%81%AA/. The valid link should either be punycode encoded such as http://domaintest.xn--q9jyb4c/, or not changed at all. The second option is not ideal as it potentially leaves open the door for XSS hacks (repeating the Great Reddipocalypse of October 28th, 2009).
Example here
This bug will not show up in Chrome as Chrome automatically translates hex encoded Unicode in domain names to punycode.
The text was updated successfully, but these errors were encountered: