Reviewed by John.

        - fixed <rdar://problem/4016358> don't ever display IDN URLs with characters from "possible Latin look-alike" scripts

        * Misc.subproj/WebNSURLExtras.m:
        (containsPossibleLatinLookalikes): Added.
        (-[NSString _web_mapHostNameWithRange:encode:makeString:]): Call containsPossibleLatinLookalikes, and if true,
        don't decode the host name.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@8645 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index b1869f0daf0e9854ce2cce4003d575835593d4d5..a0d14b0a3b2288338a75b4d6428f78934ca6b0a2 100644 (file)
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,14 @@
+2005-02-21  Darin Adler  <darin@apple.com>
+
+        Reviewed by John.
+
+        - fixed <rdar://problem/4016358> don't ever display IDN URLs with characters from "possible Latin look-alike" scripts
+
+        * Misc.subproj/WebNSURLExtras.m:
+        (containsPossibleLatinLookalikes): Added.
+        (-[NSString _web_mapHostNameWithRange:encode:makeString:]): Call containsPossibleLatinLookalikes, and if true,
+        don't decode the host name.
+
 2005-02-19  Kevin Decker  <kdecker@apple.com>
 
         Reviewed by Chris.

diff --git a/WebKit/Misc.subproj/WebNSURLExtras.m b/WebKit/Misc.subproj/WebNSURLExtras.m
index 10a8346778e2437ea7274e2b9c11e07ddce730c8..c9b9a747d2654cef1143991d9db5d9e703efafd9 100644 (file)
--- a/WebKit/Misc.subproj/WebNSURLExtras.m
+++ b/WebKit/Misc.subproj/WebNSURLExtras.m
@@ -16,6 +16,7 @@
 #import <Foundation/NSURL_NSURLExtras.h>
 
 #import <unicode/uidna.h>
+#import <unicode/uscript.h>
 
 typedef void (* StringRangeApplierFunction)(NSString *string, NSRange range, void *context);
 
@@ -771,6 +772,34 @@ static NSString *mapHostNames(NSString *string, BOOL encode)
     return lastChar == '/' && [self _web_hasCaseInsensitivePrefix:@"ftp:"];
 }
 
+static bool containsPossibleLatinLookalikes(const UChar *buffer, int32_t length)
+{
+    int32_t i = 0;
+    while (i < length) {
+        UChar32 c;
+        U16_NEXT(buffer, i, length, c)
+        UErrorCode error = U_ZERO_ERROR;
+        UScriptCode script = uscript_getScript(c, &error);
+        if (error != U_ZERO_ERROR) {
+            ERROR("got ICU error while trying to look at scripts: %d", error);
+            return true;
+        }
+        // According to Deborah Goldsmith and the Unicode Technical committee, these are the
+        // three scripts that contain characters that look like Latin characters. So as a
+        // matter of policy, we don't display host names containing characters from these
+        // scripts in a "nice" way, to protect the user from misleading host names.
+        switch (script) {
+            case USCRIPT_CHEROKEE:
+            case USCRIPT_CYRILLIC:
+            case USCRIPT_GREEK:
+                return true;
+            default:
+                break;
+        }
+    }
+    return false;
+}
+
 // Return value of nil means no mapping is necessary.
 // If makeString is NO, then return value is either nil or self to indicate mapping is necessary.
 // If makeString is YES, then return value is either nil or the mapped string.
@@ -807,6 +836,9 @@ static NSString *mapHostNames(NSString *string, BOOL encode)
     if (numCharactersConverted == length && memcmp(sourceBuffer, destinationBuffer, length * sizeof(UChar)) == 0) {
         return nil;
     }
+    if (!encode && containsPossibleLatinLookalikes(destinationBuffer, numCharactersConverted)) {
+        return nil;
+    }
     return makeString ? [NSString stringWithCharacters:destinationBuffer length:numCharactersConverted] : self;
 }