master 598038643f: Mark whole-script confusables as suspicious domains
From: Lars Ingebrigtsen
Subject: master 598038643f: Mark whole-script confusables as suspicious domains
Date: Wed, 19 Jan 2022 09:52:34 -0500 (EST)
branch: master
commit 598038643f483eabe788d4910bea5d1518ee0015
Author: Lars Ingebrigtsen <larsi@gnus.org>
Commit: Lars Ingebrigtsen <larsi@gnus.org>
Mark whole-script confusables as suspicious domains
* lisp/international/textsec.el (textsec-domain-suspicious-p):
Consider domain names that are whole-script confusables with ASCII
to be suspicious. (I think this is what the Unicode standard is
recommending, but I'm not 100% sure.)
---
lisp/international/textsec.el | 8 +++++++-
test/lisp/international/textsec-tests.el | 5 ++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lisp/international/textsec.el b/lisp/international/textsec.el
index d861685f0b..63860d2250 100644
--- a/lisp/international/textsec.el
+++ b/lisp/international/textsec.el
@@ -245,8 +245,14 @@ or use certain other unusual mixtures of characters."
(throw 'found (format "Disallowed character: `%s' (#x%x)"
(string char) char))))
domain)
+ ;; Does IDNA allow it?
(unless (puny-highly-restrictive-domain-p domain)
- (throw 'found (format "%s is not highly-restrictive" domain)))
+ (throw 'found (format "`%s' is not highly-restrictive" domain)))
+ ;; Check whether any segment of the domain name is confusable with
+ ;; an ASCII-only segment.
+ (dolist (elem (split-string domain "\\."))
+ (when (textsec-ascii-confusable-p elem)
+ (throw 'found (format "`%s' is confusable with ASCII" elem))))
nil))
(defun textsec-local-address-suspicious-p (local)
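Review bot: In the new `dolist`, `(split-string domain "\\.")` is called without OMIT-NULLS, so a domain with a leading, trailing or doubled dot (for example a fully qualified name ending in `.`) hands an empty string to `textsec-ascii-confusable-p`. Either pass `t` as the third argument, `(split-string domain "\\." t)`, or confirm that the predicate returns nil for `""`. Separately, the docstring tail visible in the hunk header ("or use certain other unusual mixtures of characters.") is not touched, so the new per-label confusable check is undocumented; a sentence there would help, and the new comment could cite the Unicode text that the commit message says it is unsure about.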
diff --git a/test/lisp/international/textsec-tests.el
b/test/lisp/international/textsec-tests.el
index b68bce1dc7..8385c116f4 100644
--- a/test/lisp/international/textsec-tests.el
+++ b/test/lisp/international/textsec-tests.el
@@ -113,7 +113,10 @@
(ert-deftest test-suspiction-domain ()
(should (textsec-domain-suspicious-p "foo/bar.org"))
(should-not (textsec-domain-suspicious-p "foo.org"))
- (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org")))
+ (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org"))
+
+ (should (textsec-domain-suspicious-p "Сгсе.ru"))
+ (should-not (textsec-domain-suspicious-p "фСгсе.ru")))
(ert-deftest test-suspicious-local ()
(should-not (textsec-local-address-suspicious-p "larsi"))
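Review bot: The two added forms use raw Cyrillic literals (`"Сгсе.ru"` and `"фСгсе.ru"`) that render almost identically to Latin text, so the test does not show what it is checking; the line just above spells its special character as `\N{LEFT-TO-RIGHT ISOLATE}` and stays readable. A comment naming the script of each string, and why the second one is expected not to be flagged, would fix that. Both cases also put the non-ASCII label first; since the function under test checks each dot-separated label, a case with an ASCII label in front and the confusable label in a later position would exercise the loop.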