Qt / QTBUG-60364

QUrl shows invalid encoded host with fake Apple domain

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.8.0, 5.9.0 Beta 2
    • Fix Version/s: 5.6.3, 5.9.0
    • Component/s: Core: URL Handling
    • Labels:
      None
    • Environment:
      Archlinux, icu 58.2, gcc 6.3.1
    • Commits:
      b4a78bca9169776aec847c949caecc3a810856b3 9e2c6899e0a07edf525945a182d2537086441268

      Description

      With the domain http://www.xn--80ak6aa92e.com (which is a proof-of-concept for using Unicode homographs for phishing - but I'll open a separate issue for that), showing the host in its original encoded form fails.

      This example:

      #include <QUrl>
      #include <QDebug>
      
      int main(int argc, char *argv[])
      {
          QUrl url("http://www.xn--80ak6aa92e.com");
          qDebug() << url.toDisplayString();
          qDebug() << url.toEncoded();
          qDebug() << url.host();
          qDebug() << url.host(QUrl::EncodeUnicode);
          return 0;
      }
      

      prints:

      "http://www.аррӏе.com"
      "http://www..com"
      "www.аррӏе.com"
      "www..com"
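
The value `host(QUrl::EncodeUnicode)` should return for this host can be computed without Qt. The block below is an added example, not code from this report or from Qt: a plain RFC 3492 Punycode encoder plus a check for the empty-label symptom. The names `toAceLabel` and `hasEmptyLabel` are hypothetical, and the input is assumed to be an already normalized label of at most 63 code points.

```cpp
// Added example, not Qt code: RFC 3492 Punycode encoder for one host label.
// Assumes a normalized label of <= 63 code points (no 32-bit overflow).
#include <cstdint>
#include <string>
#include <vector>
using Label = std::vector<uint32_t>;  // Unicode code points of one label

static uint32_t adapt(uint32_t delta, uint32_t points, bool first) {
    delta = first ? delta / 700 : delta / 2;
    delta += delta / points;
    uint32_t k = 0;
    for (; delta > 455; k += 36) delta /= 35;
    return k + 36 * delta / (delta + 38);
}
static uint32_t thr(uint32_t k, uint32_t bias) { return k <= bias ? 1 : k >= bias + 26 ? 26 : k - bias; }
static char digit(uint32_t d) { return char(d < 26 ? 'a' + d : '0' + d - 26); }

// ACE form of a label: pure ASCII is returned as is, anything else as "xn--...".
std::string toAceLabel(const Label &in) {
    std::string out;
    for (uint32_t c : in) if (c < 128) out += char(c);
    uint32_t b = out.size(), h = b, n = 128, delta = 0, bias = 72;
    if (h == in.size()) return out;
    if (b) out += '-';
    while (h < in.size()) {
        uint32_t m = UINT32_MAX;  // smallest code point not yet encoded
        for (uint32_t c : in) if (c >= n && c < m) m = c;
        delta += (m - n) * (h + 1);
        n = m;
        for (uint32_t c : in) {
            if (c < n) ++delta;
            if (c != n) continue;
            uint32_t q = delta;  // write delta as a variable-length integer
            for (uint32_t k = 36; q >= thr(k, bias); k += 36) {
                uint32_t t = thr(k, bias);
                out += digit(t + (q - t) % (36 - t));
                q = (q - t) / (36 - t);
            }
            out += digit(q);
            bias = adapt(delta, h + 1, h == b);
            delta = 0; ++h;
        }
        ++delta; ++n;
    }
    return "xn--" + out;
}
// Symptom from the report: an encoded host containing an empty label.
bool hasEmptyLabel(const std::string &h) {
    return h.empty() || h[0] == '.' || h.back() == '.' || h.find("..") != std::string::npos;
}
```

Applied to the code points U+0430 U+0440 U+0440 U+04CF U+0435 shown in the output above, `toAceLabel` returns `xn--80ak6aa92e`, while `hasEmptyLabel("www..com")` is true.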
      


            People

            • Assignee: Thiago Macieira (thiago)
            • Reporter: Florian Bruhin (the compiler)