Qt / QTBUG-60364

QUrl shows invalid encoded host with fake Apple domain

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.8.0, 5.9.0 Beta 2
    • Fix Version/s: 5.6.3, 5.9.0
    • Component/s: Core: URL Handling
    • Labels:
      None
    • Environment:
      Archlinux, icu 58.2, gcc 6.3.1
    • Commits:
      b4a78bca9169776aec847c949caecc3a810856b3 9e2c6899e0a07edf525945a182d2537086441268

      Description

      With the domain http://www.xn--80ak6aa92e.com (which is a proof-of-concept for using Unicode homographs for phishing - but I'll open a separate issue for that), showing the host in its original encoded form fails.

      This example:

      #include <QUrl>
      #include <QDebug>
      
      int main(int argc, char *argv[])
      {
          QUrl url("http://www.xn--80ak6aa92e.com");
          qDebug() << url.toDisplayString();
          qDebug() << url.toEncoded();
          qDebug() << url.host();
          qDebug() << url.host(QUrl::EncodeUnicode);
          return 0;
      }
      

      prints:

      "http://www.аррӏе.com"
      "http://www..com"
      "www.аррӏе.com"
      "www..com"
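
Added example (not part of the report and not Qt code): a Python check of the invariant the output above violates, namely that decoding the host's ACE labels and re-encoding them must reproduce the original host, together with a coarse script check on each decoded label. It uses Python's raw `punycode` codec rather than QUrl or a full IDNA implementation, and the function names are hypothetical.

```python
import unicodedata

ACE_PREFIX = "xn--"


def decode_label(label: str) -> str:
    """Unicode form of one DNS label (raw Punycode, no IDNA mapping step)."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def encode_label(label: str) -> str:
    """ACE form of one label; pure-ASCII labels pass through unchanged."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def scripts(label: str) -> set:
    """Approximate script of each letter: first word of its Unicode name.

    Assumption: this stands in for the real Unicode Script property.
    """
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def inspect_host(host: str) -> dict:
    """Decode every label, re-encode it, and report what a UI should know."""
    decoded = [decode_label(part) for part in host.split(".")]
    reencoded = ".".join(encode_label(part) for part in decoded)
    return {
        "display": ".".join(decoded),
        "encoded": reencoded,
        # A correct encoder returns the original host, never an empty label.
        "round_trip_ok": reencoded == host.lower(),
        # Labels containing letters outside Latin deserve ACE display or a warning.
        "non_latin_labels": [p for p in decoded if scripts(p) - {"LATIN"}],
    }


if __name__ == "__main__":
    # Host taken from the report above.
    print(inspect_host("www.xn--80ak6aa92e.com"))
```
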
      

            People

            Assignee:
            thiago Thiago Macieira
            Reporter:
            the compiler Florian Bruhin