1
0

Merge pull request #22 from ghacksuserjs/earthlng-patch-2

network.IDN_show_punycode draft modifications
This commit is contained in:
earthlng 2017-02-21 20:04:41 +01:00 committed by GitHub
commit fd3311297d

View File

@ -1240,10 +1240,10 @@ user_pref("security.block_script_with_wrong_mime", true);
// WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage // WARNING: SVG is fairly common (~15% of the top 10K sites), so will cause some breakage
// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893 // https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
user_pref("svg.disabled", true); user_pref("svg.disabled", true);
// 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk. // 2672: force Punycode for Internationalized Domain Names to eliminate possible spoofing security risk
// Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry. // Firefox has *some* protections to mitigate the risk, but it is better to be safe than sorry.
// The downside: it will also display legitimate IDN's punycoded, which might be undesirable for // The downside: it will also display legitimate IDN's punycoded, which might be undesirable for
// users from countries with non-latin alphabets // users from countries with non-latin alphabets
// http://kb.mozillazine.org/Network.IDN_show_punycode // http://kb.mozillazine.org/Network.IDN_show_punycode
// https://wiki.mozilla.org/IDN_Display_Algorithm // https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack // https://en.wikipedia.org/wiki/IDN_homograph_attack