Title: [230533] trunk
- Revision
- 230533
- Author
- achristen...@apple.com
- Date
- 2018-04-11 10:31:53 -0700 (Wed, 11 Apr 2018)
Log Message
IDN spoofing with Hebrew combining characters
https://bugs.webkit.org/show_bug.cgi?id=184472
<rdar://problem/39148687>
Reviewed by Brent Fulgham.
Source/WebCore:
Covered by new API tests.
* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::isLookalikeCharacter):
Punycode-encode hosts with Hebrew combining marks that look like dots
and Vav with a combining dot above like we do with dotless i and j.
Tools:
* TestWebKitAPI/Tests/WebCore/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (230532 => 230533)
--- trunk/Source/WebCore/ChangeLog 2018-04-11 17:28:24 UTC (rev 230532)
+++ trunk/Source/WebCore/ChangeLog 2018-04-11 17:31:53 UTC (rev 230533)
@@ -1,3 +1,18 @@
+2018-04-10 Alex Christensen <achristen...@webkit.org>
+
+ IDN spoofing with Hebrew combining characters
+ https://bugs.webkit.org/show_bug.cgi?id=184472
+ <rdar://problem/39148687>
+
+ Reviewed by Brent Fulgham.
+
+ Covered by new API tests.
+
+ * platform/mac/WebCoreNSURLExtras.mm:
+ (WebCore::isLookalikeCharacter):
+ Punycode-encode hosts with Hebrew combining marks that look like dots
+ and Vav with a combining dot above like we do with dotless i and j.
+
2018-04-11 Brent Fulgham <bfulg...@apple.com>
Show punycode if URL contains Latin dum character
Modified: trunk/Source/WebCore/platform/mac/WebCoreNSURLExtras.mm (230532 => 230533)
--- trunk/Source/WebCore/platform/mac/WebCoreNSURLExtras.mm 2018-04-11 17:28:24 UTC (rev 230532)
+++ trunk/Source/WebCore/platform/mac/WebCoreNSURLExtras.mm 2018-04-11 17:31:53 UTC (rev 230533)
@@ -206,6 +206,11 @@
case 0x33AF: /* SQUARE RAD OVER S SQUARED */
case 0x33C6: /* SQUARE C OVER KG */
case 0x33DF: /* SQUARE A OVER M */
+ case 0x05B9: /* HEBREW POINT HOLAM */
+ case 0x05BA: /* HEBREW POINT HOLAM HASER FOR VAV */
+ case 0x05C1: /* HEBREW POINT SHIN DOT */
+ case 0x05C2: /* HEBREW POINT SIN DOT */
+ case 0x05C4: /* HEBREW MARK UPPER DOT */
case 0xA731: /* LATIN LETTER SMALL CAPITAL S */
case 0xA771: /* LATIN SMALL LETTER DUM */
case 0xA789: /* MODIFIER LETTER COLON */
@@ -227,7 +232,8 @@
return YES;
case 0x0307: /* COMBINING DOT ABOVE */
return previousCodePoint == 0x0237 /* LATIN SMALL LETTER DOTLESS J */
- || previousCodePoint == 0x0131; /* LATIN SMALL LETTER DOTLESS I */
+ || previousCodePoint == 0x0131 /* LATIN SMALL LETTER DOTLESS I */
+ || previousCodePoint == 0x05D5; /* HEBREW LETTER VAV */
case 0x0548: /* ARMENIAN CAPITAL LETTER VO */
case 0x054D: /* ARMENIAN CAPITAL LETTER SEH */
case 0x0578: /* ARMENIAN SMALL LETTER VO */
Modified: trunk/Tools/ChangeLog (230532 => 230533)
--- trunk/Tools/ChangeLog 2018-04-11 17:28:24 UTC (rev 230532)
+++ trunk/Tools/ChangeLog 2018-04-11 17:31:53 UTC (rev 230533)
@@ -1,3 +1,14 @@
+2018-04-10 Alex Christensen <achristen...@webkit.org>
+
+ IDN spoofing with Hebrew combining characters
+ https://bugs.webkit.org/show_bug.cgi?id=184472
+ <rdar://problem/39148687>
+
+ Reviewed by Brent Fulgham.
+
+ * TestWebKitAPI/Tests/WebCore/cocoa/URLExtras.mm:
+ (TestWebKitAPI::TEST):
+
2018-04-11 Wenson Hsieh <wenson_hs...@apple.com>
[Extra zoom mode] Missing label when focusing a <select> with a title attribute but no associated <label>
Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/cocoa/URLExtras.mm (230532 => 230533)
--- trunk/Tools/TestWebKitAPI/Tests/WebCore/cocoa/URLExtras.mm 2018-04-11 17:28:24 UTC (rev 230532)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/cocoa/URLExtras.mm 2018-04-11 17:31:53 UTC (rev 230533)
@@ -94,6 +94,13 @@
"xn--ews-nfe.org", // U+054D
"xn--yotube-qkh", // U+0578
"xn--cla-7fe.edu", // U+0578
+ "xn--rsa94l", // U+05D5 U+0307
+ "xn--hdb9c", // U+05D5 U+05B9
+ "xn--idb7c", // U+05D5 U+05BA
+ "xn--pdb3b", // U+05D5 U+05C1
+ "xn--qdb1b", // U+05D5 U+05C2
+ "xn--sdb7a", // U+05D5 U+05C4
+ "xn--2-zic", // U+0032 U+05E1
};
for (const String& host : punycodedSpoofHosts) {
auto url = "" host, "/").utf8();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
