-
-
Notifications
You must be signed in to change notification settings - Fork 6.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix punycode encoding of the local domain #21440
Conversation
6389990
to
ab1da93
Compare
144082b
to
b7bdd89
Compare
Sorry for all the force pushes... I missed a few places in my first attempt. Should be good to go, please review! If you want to see it in action, it's working great over at https://loðfíll.is. |
I think it would be better to add prettified local domain to initial-state. Sorry if this is misplaced. |
My intuition is that we should be doing it during rendering, since it is just a pretty rendering of a particular string when the context says it's a URL. But I might be wrong here. |
I think it would indeed be much simpler to just have the |
I'm not sure that would be correct, sometimes you want the punycoded domain, where the unicode representation would not work. That's the whole idea behind punycode! Similarly, there are some instances of |
I think |
Is any defence against homonym attacks needed here? Do we run the risk of fake Mastodon instance impersonating real ones using indistinguishable unicode charts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The remote domains derived from account's acct
attributes are already utf8-encoded rather than punycode-encoded because the acct
attribute is “prettified” server-side, so no change is needed client-side there.
I think the local domain passed down from the initial state is only ever used for display, so I think it should be passed down as utf8-encoded rather than prettified in various places on the client-side.
One place I am not entirely sure what the best course of action would be is app/javascript/mastodon/components/domain.js
, as the server-side code currently returns punycode-encoded domains from the API. So either we indeed need to take care of that client-side, or change the API for consistency with acct
.
I'd say we do not need defense against homonym attacks for the local domain, since the local domain would be controlled by the attacker anyway. We may need defense against homonym attacks for remote domains, but this is not what the current PR is about. |
Ah, right, I saw the references to encoding the remote domains in the code, but if they're already encoded then nothing to worry about for this PR. |
I removed the unneccesary ones, per @ClearlyClaire. I still think this is the way to go, to render the domain when it's rendered. But I can change it so that the domain is prettified before being sent, if you think it's safe. |
I do think it is safe, yes. |
Alright, much simpler now! (sorry for the all the pushes, my git got into some weird state there for a second). |
Thanks again for the PR!
No worries! |
This adds a call to
punycode.toUnicode
to prettify the local domain, changing e.g.@matti@xn--lofll-1sat.is
to@matti@loðfíll.is
.This happens on the: