Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-60364

QUrl shows invalid encoded host with fake Apple domain

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.6.3, 5.9.0
    • 5.8.0, 5.9.0 Beta 2
    • Core: URL Handling
    • None
    • Archlinux, icu 58.2, gcc 6.3.1
    • b4a78bca9169776aec847c949caecc3a810856b3 9e2c6899e0a07edf525945a182d2537086441268)

    Description

      With the domain http://www.xn--80ak6aa92e.com (which is a proof-of-concept for using Unicode homographs for phishing - but I'll open a separate issue for that), showing the host in its original encoded form fails.

      This example:

      #include <QUrl>
      #include <QDebug>
      
      int main(int argc, char *argv[])
      {
          QUrl url("http://www.xn--80ak6aa92e.com");
          qDebug() << url.toDisplayString();
          qDebug() << url.toEncoded();
          qDebug() << url.host();
          qDebug() << url.host(QUrl::EncodeUnicode);
          return 0;
      }
      

      prints:

      "http://www.аррӏе.com"
      "http://www..com"
      "www.аррӏе.com"
      "www..com"
      

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              thiago Thiago Macieira
              the compiler Florian Bruhin
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes