| blob | 8512d3272e83aa642da9db2073d2c3f7ac7cdffb |
1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 // https://source.chromium.org/chromium/chromium/src/+/main:LICENSE
6 // Tests nsIIDNService
7 // Imported from https://source.chromium.org/chromium/chromium/src/+/main:components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc;drc=e544837967287f956ba69af3b228b202e8e7cf1a
9 "use strict";
11 const idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
12 Ci.nsIIDNService
13 );
15 const kSafe = 1;
16 const kUnsafe = 2;
17 const kInvalid = 3;
19 // prettier-ignore
20 let testCases = [
21 // No IDN
22 ["www.google.com", "www.google.com", kSafe],
23 ["www.google.com.", "www.google.com.", kSafe],
24 [".", ".", kSafe],
25 ["", "", kSafe],
26 // Invalid IDN
27 ["xn--example-.com", "xn--example-.com", kInvalid],
28 // IDN
29 // Hanzi (Traditional Chinese)
30 ["xn--1lq90ic7f1rc.cn", "\u5317\u4eac\u5927\u5b78.cn", kSafe],
31 // Hanzi ('video' in Simplified Chinese)
32 ["xn--cy2a840a.com", "\u89c6\u9891.com", kSafe],
33 // Hanzi + '123'
34 ["www.xn--123-p18d.com", "www.\u4e00123.com", kSafe],
35 // Hanzi + Latin : U+56FD is simplified
36 ["www.xn--hello-9n1hm04c.com", "www.hello\u4e2d\u56fd.com", kSafe],
37 // Kanji + Kana (Japanese)
38 ["xn--l8jvb1ey91xtjb.jp", "\u671d\u65e5\u3042\u3055\u3072.jp", kSafe],
39 // Katakana including U+30FC
40 ["xn--tckm4i2e.jp", "\u30b3\u30de\u30fc\u30b9.jp", kSafe],
41 ["xn--3ck7a7g.jp", "\u30ce\u30f3\u30bd.jp", kSafe],
42 // Katakana + Latin (Japanese)
43 ["xn--e-efusa1mzf.jp", "e\u30b3\u30de\u30fc\u30b9.jp", kSafe],
44 ["xn--3bkxe.jp", "\u30c8\u309a.jp", kSafe],
45 // Hangul (Korean)
46 ["www.xn--or3b17p6jjc.kr", "www.\uc804\uc790\uc815\ubd80.kr", kSafe],
47 // b<u-umlaut>cher (German)
48 ["xn--bcher-kva.de", "b\u00fccher.de", kSafe],
49 // a with diaeresis
50 ["www.xn--frgbolaget-q5a.se", "www.f\u00e4rgbolaget.se", kSafe],
51 // c-cedilla (French)
52 ["www.xn--alliancefranaise-npb.fr", "www.alliancefran\u00e7aise.fr", kSafe],
53 // caf'e with acute accent (French)
54 ["xn--caf-dma.fr", "caf\u00e9.fr", kSafe],
55 // c-cedillla and a with tilde (Portuguese)
56 ["xn--poema-9qae5a.com.br", "p\u00e3oema\u00e7\u00e3.com.br", kSafe],
57 // s with caron
58 ["xn--achy-f6a.com", "\u0161achy.com", kSafe],
59 ["xn--kxae4bafwg.gr", "\u03bf\u03c5\u03c4\u03bf\u03c0\u03af\u03b1.gr", kSafe],
60 // Eutopia + 123 (Greek)
61 ["xn---123-pldm0haj2bk.gr", "\u03bf\u03c5\u03c4\u03bf\u03c0\u03af\u03b1-123.gr", kSafe],
62 // Cyrillic (Russian)
63 ["xn--n1aeec9b.r", "\u0442\u043e\u0440\u0442\u044b.r", kSafe],
64 // Cyrillic + 123 (Russian)
65 ["xn---123-45dmmc5f.r", "\u0442\u043e\u0440\u0442\u044b-123.r", kSafe],
66 // 'president' in Russian. Is a wholescript confusable, but allowed.
67 ["xn--d1abbgf6aiiy.xn--p1ai", "\u043f\u0440\u0435\u0437\u0438\u0434\u0435\u043d\u0442.\u0440\u0444", kSafe],
68 // Arabic
69 ["xn--mgba1fmg.eg", "\u0627\u0641\u0644\u0627\u0645.eg", kSafe],
70 // Hebrew
71 ["xn--4dbib.he", "\u05d5\u05d0\u05d4.he", kSafe],
72 // Hebrew + Common
73 ["xn---123-ptf2c5c6bt.il", "\u05e2\u05d1\u05e8\u05d9\u05ea-123.il", kSafe],
74 // Thai
75 ["xn--12c2cc4ag3b4ccu.th", "\u0e2a\u0e32\u0e22\u0e01\u0e32\u0e23\u0e1a\u0e34\u0e19.th", kSafe],
76 // Thai + Common
77 ["xn---123-9goxcp8c9db2r.th", "\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22-123.th", kSafe],
78 // Devangari (Hindi)
79 ["www.xn--l1b6a9e1b7c.in", "www.\u0905\u0915\u094b\u0932\u093e.in", kSafe],
80 // Devanagari + Common
81 ["xn---123-kbjl2j0bl2k.in", "\u0939\u093f\u0928\u094d\u0926\u0940-123.in", kSafe],
83 // Block mixed numeric + numeric lookalike (12.com, using U+0577).
84 ["xn--1-xcc.com", "1\u0577.com", kUnsafe, "DISABLED"],
86 // Block mixed numeric lookalike + numeric (੨0.com, uses U+0A68).
87 ["xn--0-6ee.com", "\u0a680.com", kUnsafe],
88 // Block fully numeric lookalikes (৪੨.com using U+09EA and U+0A68).
89 ["xn--47b6w.com", "\u09ea\u0a68.com", kUnsafe],
90 // Block single script digit lookalikes (using three U+0A68 characters).
91 ["xn--qccaa.com", "\u0a68\u0a68\u0a68.com", kUnsafe, "DISABLED"],
93 // URL test with mostly numbers and one confusable character
94 // Georgian 'd' 4000.com
95 ["xn--4000-pfr.com", "\u10eb4000.com", kUnsafe, "DISABLED"],
97 // What used to be 5 Aspirational scripts in the earlier versions of UAX 31.
98 // UAX 31 does not define aspirational scripts any more.
99 // See http://www.unicode.org/reports/tr31/#Aspirational_Use_Scripts .
100 // Unified Canadian Syllabary
101 ["xn--dfe0tte.ca", "\u1456\u14c2\u14ef.ca", kUnsafe],
102 // Tifinagh
103 ["xn--4ljxa2bb4a6bxb.ma", "\u2d5c\u2d49\u2d3c\u2d49\u2d4f\u2d30\u2d56.ma", kUnsafe],
104 // Tifinagh with a disallowed character(U+2D6F)
105 ["xn--hmjzaby5d5f.ma", "\u2d5c\u2d49\u2d3c\u2d6f\u2d49\u2d4f.ma", kInvalid],
107 // Yi
108 ["xn--4o7a6e1x64c.cn", "\ua188\ua320\ua071\ua0b7.cn", kUnsafe],
109 // Mongolian - 'ordu' (place, camp)
110 ["xn--56ec8bp.cn", "\u1823\u1837\u1833\u1824.cn", kUnsafe],
111 // Mongolian with a disallowed character
112 ["xn--95e5de3ds.cn", "\u1823\u1837\u1804\u1833\u1824.cn", kUnsafe],
113 // Miao/Pollad
114 ["xn--2u0fpf0a.cn", "\U00016f04\U00016f62\U00016f59.cn", kUnsafe],
116 // Script mixing tests
117 // The following script combinations are allowed.
118 // HIGHLY_RESTRICTIVE with Latin limited to ASCII-Latin.
119 // ASCII-Latin + Japn (Kana + Han)
120 // ASCII-Latin + Kore (Hangul + Han)
121 // ASCII-Latin + Han + Bopomofo
122 // "payp<alpha>l.com"
123 ["xn--paypl-g9d.com", "payp\u03b1l.com", kUnsafe],
124 // google.gr with Greek omicron and epsilon
125 ["xn--ggl-6xc1ca.gr", "g\u03bf\u03bfgl\u03b5.gr", kUnsafe],
126 // google.ru with Cyrillic o
127 ["xn--ggl-tdd6ba.r", "g\u043e\u043egl\u0435.r", kUnsafe],
128 // h<e with acute>llo<China in Han>.cn
129 ["xn--hllo-bpa7979ih5m.cn", "h\u00e9llo\u4e2d\u56fd.cn", kUnsafe, "DISABLED"],
130 // <Greek rho><Cyrillic a><Cyrillic u>.ru
131 ["xn--2xa6t2b.r", "\u03c1\u0430\u0443.r", kUnsafe],
132 // Georgian + Latin
133 ["xn--abcef-vuu.test", "abc\u10ebef.test", kUnsafe],
134 // Hangul + Latin
135 ["xn--han-eb9ll88m.kr", "\ud55c\uae00han.kr", kSafe],
136 // Hangul + Latin + Han with IDN ccTLD
137 ["xn--han-or0kq92gkm3c.xn--3e0b707e", "\ud55c\uae00han\u97d3.\ud55c\uad6d", kSafe],
138 // non-ASCII Latin + Hangul
139 ["xn--caf-dma9024xvpg.kr", "caf\u00e9\uce74\ud398.kr", kUnsafe, "DISABLED"],
140 // Hangul + Hiragana
141 ["xn--y9j3b9855e.kr", "\ud55c\u3072\u3089.kr", kUnsafe],
142 // <Hiragana>.<Hangul> is allowed because script mixing check is per label.
143 ["xn--y9j3b.xn--3e0b707e", "\u3072\u3089.\ud55c\uad6d", kSafe],
144 // Traditional Han + Latin
145 ["xn--hanzi-u57ii69i.tw", "\u6f22\u5b57hanzi.tw", kSafe],
146 // Simplified Han + Latin
147 ["xn--hanzi-u57i952h.cn", "\u6c49\u5b57hanzi.cn", kSafe],
148 // Simplified Han + Traditonal Han
149 ["xn--hanzi-if9kt8n.cn", "\u6c49\u6f22hanzi.cn", kSafe],
150 // Han + Hiragana + Katakana + Latin
151 ["xn--kanji-ii4dpizfq59yuykqr4b.jp", "\u632f\u308a\u4eee\u540d\u30ab\u30bfkanji.jp", kSafe],
152 // Han + Bopomofo
153 ["xn--5ekcde0577e87tc.tw", "\u6ce8\u97f3\u3105\u3106\u3107\u3108.tw", kSafe],
154 // Han + Latin + Bopomofo
155 ["xn--bopo-ty4cghi8509kk7xd.tw", "\u6ce8\u97f3bopo\u3105\u3106\u3107\u3108.tw", kSafe],
156 // Latin + Bopomofo
157 ["xn--bopomofo-hj5gkalm.tw", "bopomofo\u3105\u3106\u3107\u3108.tw", kSafe],
158 // Bopomofo + Katakana
159 ["xn--lcka3d1bztghi.tw", "\u3105\u3106\u3107\u3108\u30ab\u30bf\u30ab\u30ca.tw", kUnsafe],
160 // Bopomofo + Hangul
161 ["xn--5ekcde4543qbec.tw", "\u3105\u3106\u3107\u3108\uc8fc\uc74c.tw", kUnsafe],
162 // Devanagari + Latin
163 ["xn--ab-3ofh8fqbj6h.in", "ab\u0939\u093f\u0928\u094d\u0926\u0940.in", kUnsafe],
164 // Thai + Latin
165 ["xn--ab-jsi9al4bxdb6n.th", "ab\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22.th", kUnsafe],
166 // Armenian + Latin
167 ["xn--bs-red.com", "b\u057ds.com", kUnsafe],
168 // Tibetan + Latin
169 ["xn--foo-vkm.com", "foo\u0f37.com", kUnsafe],
170 // Oriya + Latin
171 ["xn--fo-h3g.com", "fo\u0b66.com", kUnsafe],
172 // Gujarati + Latin
173 ["xn--fo-isg.com", "fo\u0ae6.com", kUnsafe],
174 // <vitamin in Katakana>b1.com
175 ["xn--b1-xi4a7cvc9f.com", "\u30d3\u30bf\u30df\u30f3b1.com", kSafe],
176 // Devanagari + Han
177 ["xn--t2bes3ds6749n.com", "\u0930\u094b\u0932\u0947\u76e7\u0938.com", kUnsafe],
178 // Devanagari + Bengali
179 ["xn--11b0x.in", "\u0915\u0995.in", kUnsafe],
180 // Canadian Syllabary + Latin
181 ["xn--ab-lym.com", "ab\u14bf.com", kUnsafe],
182 ["xn--ab1-p6q.com", "ab1\u14bf.com", kUnsafe],
183 ["xn--1ab-m6qd.com", "\u14bf1ab\u14bf.com", kUnsafe],
184 ["xn--ab-jymc.com", "\u14bfab\u14bf.com", kUnsafe],
185 // Tifinagh + Latin
186 ["xn--liy-bq1b.com", "li\u2d4fy.com", kUnsafe],
187 ["xn--rol-cq1b.com", "rol\u2d4f.com", kUnsafe],
188 ["xn--ily-8p1b.com", "\u2d4fily.com", kUnsafe],
189 ["xn--1ly-8p1b.com", "\u2d4f1ly.com", kUnsafe],
191 // Invisibility check
192 // Thai tone mark malek(U+0E48) repeated
193 ["xn--03c0b3ca.th", "\u0e23\u0e35\u0e48\u0e48.th", kUnsafe],
194 // Accute accent repeated
195 ["xn--a-xbba.com", "a\u0301\u0301.com", kInvalid],
196 // 'a' with acuted accent + another acute accent
197 ["xn--1ca20i.com", "\u00e1\u0301.com", kUnsafe, "DISABLED"],
198 // Combining mark at the beginning
199 ["xn--abc-fdc.jp", "\u0300abc.jp", kInvalid],
201 // The following three are detected by |dangerous_pattern| regex, but
202 // can be regarded as an extension of blocking repeated diacritic marks.
203 // i followed by U+0307 (combining dot above)
204 ["xn--pixel-8fd.com", "pi\u0307xel.com", kUnsafe],
205 // U+0131 (dotless i) followed by U+0307
206 ["xn--pxel-lza43z.com", "p\u0131\u0307xel.com", kUnsafe],
207 // j followed by U+0307 (combining dot above)
208 ["xn--jack-qwc.com", "j\u0307ack.com", kUnsafe],
209 // l followed by U+0307
210 ["xn--lace-qwc.com", "l\u0307ace.com", kUnsafe],
212 // Do not allow a combining mark after dotless i/j.
213 ["xn--pxel-lza29y.com", "p\u0131\u0300xel.com", kUnsafe],
214 ["xn--ack-gpb42h.com", "\u0237\u0301ack.com", kUnsafe],
216 // Mixed script confusable
217 // google with Armenian Small Letter Oh(U+0585)
218 ["xn--gogle-lkg.com", "g\u0585ogle.com", kUnsafe],
219 ["xn--range-kkg.com", "\u0585range.com", kUnsafe],
220 ["xn--cucko-pkg.com", "cucko\u0585.com", kUnsafe],
221 // Latin 'o' in Armenian.
222 ["xn--o-ybcg0cu0cq.com", "o\u0580\u0574\u0578\u0582\u0566\u0568.com", kUnsafe],
223 // Hiragana HE(U+3078) mixed with Katakana
224 ["xn--49jxi3as0d0fpc.com", "\u30e2\u30d2\u30fc\u30c8\u3078\u30d6\u30f3.com", kUnsafe, "DISABLED"],
226 // U+30FC should be preceded by a Hiragana/Katakana.
227 // Katakana + U+30FC + Han
228 ["xn--lck0ip02qw5ya.jp", "\u30ab\u30fc\u91ce\u7403.jp", kSafe],
229 // Hiragana + U+30FC + Han
230 ["xn--u8j5tr47nw5ya.jp", "\u304b\u30fc\u91ce\u7403.jp", kSafe],
231 // U+30FC + Han
232 ["xn--weka801xo02a.com", "\u30fc\u52d5\u753b\u30fc.com", kUnsafe],
233 // Han + U+30FC + Han
234 ["xn--wekz60nb2ay85atj0b.jp", "\u65e5\u672c\u30fc\u91ce\u7403.jp", kUnsafe],
235 // U+30FC at the beginning
236 ["xn--wek060nb2a.jp", "\u30fc\u65e5\u672c.jp", kUnsafe],
237 // Latin + U+30FC + Latin
238 ["xn--abcdef-r64e.jp", "abc\u30fcdef.jp", kUnsafe],
240 // U+30FB (・) is not allowed next to Latin, but allowed otherwise.
241 // U+30FB + Han
242 ["xn--vekt920a.jp", "\u30fb\u91ce.jp", kSafe],
243 // Han + U+30FB + Han
244 ["xn--vek160nb2ay85atj0b.jp", "\u65e5\u672c\u30fb\u91ce\u7403.jp", kSafe],
245 // Latin + U+30FB + Latin
246 ["xn--abcdef-k64e.jp", "abc\u30fbdef.jp", kUnsafe, "DISABLED"],
247 // U+30FB + Latin
248 ["xn--abc-os4b.jp", "\u30fbabc.jp", kUnsafe, "DISABLED"],
250 // U+30FD (ヽ) is allowed only after Katakana.
251 // Katakana + U+30FD
252 ["xn--lck2i.jp", "\u30ab\u30fd.jp", kSafe],
253 // Hiragana + U+30FD
254 ["xn--u8j7t.jp", "\u304b\u30fd.jp", kUnsafe, "DISABLED"],
255 // Han + U+30FD
256 ["xn--xek368f.jp", "\u4e00\u30fd.jp", kUnsafe, "DISABLED"],
257 ["xn--a-mju.jp", "a\u30fd.jp", kUnsafe, "DISABLED"],
258 ["xn--a1-bo4a.jp", "a1\u30fd.jp", kUnsafe, "DISABLED"],
260 // U+30FE (ヾ) is allowed only after Katakana.
261 // Katakana + U+30FE
262 ["xn--lck4i.jp", "\u30ab\u30fe.jp", kSafe],
263 // Hiragana + U+30FE
264 ["xn--u8j9t.jp", "\u304b\u30fe.jp", kUnsafe, "DISABLED"],
265 // Han + U+30FE
266 ["xn--yek168f.jp", "\u4e00\u30fe.jp", kUnsafe, "DISABLED"],
267 ["xn--a-oju.jp", "a\u30fe.jp", kUnsafe, "DISABLED"],
268 ["xn--a1-eo4a.jp", "a1\u30fe.jp", kUnsafe, "DISABLED"],
270 // Cyrillic labels made of Latin-look-alike Cyrillic letters.
271 // 1) ѕсоре.com with ѕсоре in Cyrillic.
272 ["xn--e1argc3h.com", "\u0455\u0441\u043e\u0440\u0435.com", kUnsafe, "DISABLED"],
273 // 2) ѕсоре123.com with ѕсоре in Cyrillic.
274 ["xn--123-qdd8bmf3n.com", "\u0455\u0441\u043e\u0440\u0435123.com", kUnsafe, "DISABLED"],
275 // 3) ѕсоре-рау.com with ѕсоре and рау in Cyrillic.
276 ["xn----8sbn9akccw8m.com", "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.com", kUnsafe, "DISABLED"],
277 // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
278 // them.
279 ["xn--1-8sbn9akccw8m.com", "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.com", kUnsafe, "DISABLED"],
281 // The same as above three, but in IDN TLD (рф).
282 // 1) ѕсоре.рф with ѕсоре in Cyrillic.
283 ["xn--e1argc3h.xn--p1ai", "\u0455\u0441\u043e\u0440\u0435.\u0440\u0444", kSafe],
284 // 2) ѕсоре123.рф with ѕсоре in Cyrillic.
285 ["xn--123-qdd8bmf3n.xn--p1ai", "\u0455\u0441\u043e\u0440\u0435123.\u0440\u0444", kSafe],
286 // 3) ѕсоре-рау.рф with ѕсоре and рау in Cyrillic.
287 ["xn----8sbn9akccw8m.xn--p1ai", "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.\u0440\u0444", kSafe],
288 // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
289 // them.
290 ["xn--1-8sbn9akccw8m.xn--p1ai", "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.\u0440\u0444", kSafe],
292 // Same as above three, but in .ru TLD.
293 // 1) ѕсоре.ru with ѕсоре in Cyrillic.
294 ["xn--e1argc3h.r", "\u0455\u0441\u043e\u0440\u0435.r", kSafe],
295 // 2) ѕсоре123.ru with ѕсоре in Cyrillic.
296 ["xn--123-qdd8bmf3n.r", "\u0455\u0441\u043e\u0440\u0435123.r", kSafe],
297 // 3) ѕсоре-рау.ru with ѕсоре and рау in Cyrillic.
298 ["xn----8sbn9akccw8m.r", "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.r", kSafe],
299 // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
300 // them.
301 ["xn--1-8sbn9akccw8m.r", "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.r", kSafe],
303 // ѕсоре-рау.한국 with ѕсоре and рау in Cyrillic. The label will remain
304 // punycode while the TLD will be decoded.
305 ["xn----8sbn9akccw8m.xn--3e0b707e", "xn----8sbn9akccw8m.\ud55c\uad6d", kSafe, "DISABLED"],
307 // музей (museum in Russian) has characters without a Latin-look-alike.
308 ["xn--e1adhj9a.com", "\u043c\u0443\u0437\u0435\u0439.com", kSafe],
310 // ѕсоԗе.com is Cyrillic with Latin lookalikes.
311 ["xn--e1ari3f61c.com", "\u0455\u0441\u043e\u0517\u0435.com", kUnsafe, "DISABLED"],
313 // ыоԍ.com is Cyrillic with Latin lookalikes.
314 ["xn--n1az74c.com", "\u044b\u043e\u050d.com", kUnsafe],
316 // сю.com is Cyrillic with Latin lookalikes.
317 ["xn--q1a0a.com", "\u0441\u044e.com", kUnsafe, "DISABLED"],
319 // Regression test for lowercase letters in whole script confusable
320 // lookalike character lists.
321 ["xn--80a8a6a.com", "\u0430\u044c\u0441.com", kUnsafe, "DISABLED"],
323 // googlе.한국 where е is Cyrillic. This tests the generic case when one
324 // label is not allowed but other labels in the domain name are still
325 // decoded. Here, googlе is left in punycode but the TLD is decoded.
326 ["xn--googl-3we.xn--3e0b707e", "xn--googl-3we.\ud55c\uad6d", kSafe],
328 // Combining Diacritic marks after a script other than Latin-Greek-Cyrillic
329 ["xn--rsa2568fvxya.com", "\ud55c\u0307\uae00.com", kUnsafe, "DISABLED"], // 한́글.com
330 ["xn--rsa0336bjom.com", "\u6f22\u0307\u5b57.com", kUnsafe, "DISABLED"], // 漢̇字.com
331 // नागरी́.com
332 ["xn--lsa922apb7a6do.com", "\u0928\u093e\u0917\u0930\u0940\u0301.com", kUnsafe, "DISABLED"],
334 // Similarity checks against the list of top domains. "digklmo68.com" and
335 // 'digklmo68.co.uk" are listed for unittest in the top domain list.
336 // đigklmo68.com:
337 ["xn--igklmo68-kcb.com", "\u0111igklmo68.com", kUnsafe, "DISABLED"],
338 // www.đigklmo68.com:
339 ["www.xn--igklmo68-kcb.com", "www.\u0111igklmo68.com", kUnsafe, "DISABLED"],
340 // foo.bar.đigklmo68.com:
341 ["foo.bar.xn--igklmo68-kcb.com", "foo.bar.\u0111igklmo68.com", kUnsafe, "DISABLED"],
342 // đigklmo68.co.uk:
343 ["xn--igklmo68-kcb.co.uk", "\u0111igklmo68.co.uk", kUnsafe, "DISABLED"],
344 // mail.đigklmo68.co.uk:
345 ["mail.xn--igklmo68-kcb.co.uk", "mail.\u0111igklmo68.co.uk", kUnsafe, "DISABLED"],
346 // di̇gklmo68.com:
347 ["xn--digklmo68-6jf.com", "di\u0307gklmo68.com", kUnsafe],
348 // dig̱klmo68.com:
349 ["xn--digklmo68-7vf.com", "dig\u0331klmo68.com", kUnsafe, "DISABLED"],
350 // digĸlmo68.com:
351 ["xn--diglmo68-omb.com", "dig\u0138lmo68.com", kUnsafe],
352 // digkłmo68.com:
353 ["xn--digkmo68-9ob.com", "digk\u0142mo68.com", kUnsafe, "DISABLED"],
354 // digklṃo68.com:
355 ["xn--digklo68-l89c.com", "digkl\u1e43o68.com", kUnsafe, "DISABLED"],
356 // digklmø68.com:
357 ["xn--digklm68-b5a.com", "digklm\u00f868.com", kUnsafe, "DISABLED"],
358 // digklmoб8.com:
359 ["xn--digklmo8-h7g.com", "digklmo\u04318.com", kUnsafe],
360 // digklmo6৪.com:
361 ["xn--digklmo6-7yr.com", "digklmo6\u09ea.com", kUnsafe],
363 // 'islkpx123.com' is in the test domain list.
364 // 'іѕӏкрх123' can look like 'islkpx123' in some fonts.
365 ["xn--123-bed4a4a6hh40i.com", "\u0456\u0455\u04cf\u043a\u0440\u0445123.com", kUnsafe, "DISABLED"],
367 // 'o2.com', '28.com', '39.com', '43.com', '89.com', 'oo.com' and 'qq.com'
368 // are all explicitly added to the test domain list to aid testing of
369 // Latin-lookalikes that are numerics in other character sets and similar
370 // edge cases.
371 //
372 // Bengali:
373 ["xn--07be.com", "\u09e6\u09e8.com", kUnsafe, "DISABLED"],
374 ["xn--27be.com", "\u09e8\u09ea.com", kUnsafe, "DISABLED"],
375 ["xn--77ba.com", "\u09ed\u09ed.com", kUnsafe, "DISABLED"],
376 // Gurmukhi:
377 ["xn--qcce.com", "\u0a68\u0a6a.com", kUnsafe, "DISABLED"],
378 ["xn--occe.com", "\u0a66\u0a68.com", kUnsafe, "DISABLED"],
379 ["xn--rccd.com", "\u0a6b\u0a69.com", kUnsafe, "DISABLED"],
380 ["xn--pcca.com", "\u0a67\u0a67.com", kUnsafe, "DISABLED"],
381 // Telugu:
382 ["xn--drcb.com", "\u0c69\u0c68.com", kUnsafe, "DISABLED"],
383 // Devanagari:
384 ["xn--d4be.com", "\u0966\u0968.com", kUnsafe, "DISABLED"],
385 // Kannada:
386 ["xn--yucg.com", "\u0ce6\u0ce9.com", kUnsafe, "DISABLED"],
387 ["xn--yuco.com", "\u0ce6\u0ced.com", kUnsafe, "DISABLED"],
388 // Oriya:
389 ["xn--1jcf.com", "\u0b6b\u0b68.com", kUnsafe, "DISABLED"],
390 ["xn--zjca.com", "\u0b66\u0b66.com", kUnsafe, "DISABLED"],
391 // Gujarati:
392 ["xn--cgce.com", "\u0ae6\u0ae8.com", kUnsafe, "DISABLED"],
393 ["xn--fgci.com", "\u0ae9\u0aed.com", kUnsafe, "DISABLED"],
394 ["xn--dgca.com", "\u0ae7\u0ae7.com", kUnsafe, "DISABLED"],
396 // wmhtb.com
397 ["xn--l1acpvx.com", "\u0448\u043c\u043d\u0442\u044c.com", kUnsafe, "DISABLED"],
398 // щмнть.com
399 ["xn--l1acpzs.com", "\u0449\u043c\u043d\u0442\u044c.com", kUnsafe, "DISABLED"],
400 // шмнтв.com
401 ["xn--b1atdu1a.com", "\u0448\u043c\u043d\u0442\u0432.com", kUnsafe, "DISABLED"],
402 // шмԋтв.com
403 ["xn--b1atsw09g.com", "\u0448\u043c\u050b\u0442\u0432.com", kUnsafe],
404 // шмԧтв.com
405 ["xn--b1atsw03i.com", "\u0448\u043c\u0527\u0442\u0432.com", kUnsafe, "DISABLED"],
406 // шмԋԏв.com
407 ["xn--b1at9a12dua.com", "\u0448\u043c\u050b\u050f\u0432.com", kUnsafe],
408 // ഠട345.com
409 ["xn--345-jtke.com", "\u0d20\u0d1f345.com", kUnsafe, "DISABLED"],
411 // Test additional confusable LGC characters (most of them without
412 // decomposition into base + diacritc mark). The corresponding ASCII
413 // domain names are in the test top domain list.
414 // ϼκαωχ.com
415 ["xn--mxar4bh6w.com", "\u03fc\u03ba\u03b1\u03c9\u03c7.com", kUnsafe, "DISABLED"],
416 // þħĸŧƅ.com
417 ["xn--vda6f3b2kpf.com", "\u00fe\u0127\u0138\u0167\u0185.com", kUnsafe],
418 // þhktb.com
419 ["xn--hktb-9ra.com", "\u00fehktb.com", kUnsafe, "DISABLED"],
420 // pħktb.com
421 ["xn--pktb-5xa.com", "p\u0127ktb.com", kUnsafe, "DISABLED"],
422 // phĸtb.com
423 ["xn--phtb-m0a.com", "ph\u0138tb.com", kUnsafe],
424 // phkŧb.com
425 ["xn--phkb-d7a.com", "phk\u0167b.com", kUnsafe, "DISABLED"],
426 // phktƅ.com
427 ["xn--phkt-ocb.com", "phkt\u0185.com", kUnsafe],
428 // ҏнкть.com
429 ["xn--j1afq4bxw.com", "\u048f\u043d\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
430 // ҏћкть.com
431 ["xn--j1aq4a7cvo.com", "\u048f\u045b\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
432 // ҏңкть.com
433 ["xn--j1aq4azund.com", "\u048f\u04a3\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
434 // ҏҥкть.com
435 ["xn--j1aq4azuxd.com", "\u048f\u04a5\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
436 // ҏӈкть.com
437 ["xn--j1aq4azuyj.com", "\u048f\u04c8\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
438 // ҏԧкть.com
439 ["xn--j1aq4azu9z.com", "\u048f\u0527\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
440 // ҏԩкть.com
441 ["xn--j1aq4azuq0a.com", "\u048f\u0529\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
442 // ҏнқть.com
443 ["xn--m1ak4azu6b.com", "\u048f\u043d\u049b\u0442\u044c.com", kUnsafe, "DISABLED"],
444 // ҏнҝть.com
445 ["xn--m1ak4azunc.com", "\u048f\u043d\u049d\u0442\u044c.com", kUnsafe, "DISABLED"],
446 // ҏнҟть.com
447 ["xn--m1ak4azuxc.com", "\u048f\u043d\u049f\u0442\u044c.com", kUnsafe, "DISABLED"],
448 // ҏнҡть.com
449 ["xn--m1ak4azu7c.com", "\u048f\u043d\u04a1\u0442\u044c.com", kUnsafe, "DISABLED"],
450 // ҏнӄть.com
451 ["xn--m1ak4azu8i.com", "\u048f\u043d\u04c4\u0442\u044c.com", kUnsafe, "DISABLED"],
452 // ҏнԟть.com
453 ["xn--m1ak4azuzy.com", "\u048f\u043d\u051f\u0442\u044c.com", kUnsafe, "DISABLED"],
454 // ҏнԟҭь.com
455 ["xn--m1a4a4nnery.com", "\u048f\u043d\u051f\u04ad\u044c.com", kUnsafe, "DISABLED"],
456 // ҏнԟҭҍ.com
457 ["xn--m1a4ne5jry.com", "\u048f\u043d\u051f\u04ad\u048d.com", kUnsafe, "DISABLED"],
458 // ҏнԟҭв.com
459 ["xn--b1av9v8dry.com", "\u048f\u043d\u051f\u04ad\u0432.com", kUnsafe, "DISABLED"],
460 // ҏӊԟҭв.com
461 ["xn--b1a9p8c1e8r.com", "\u048f\u04ca\u051f\u04ad\u0432.com", kUnsafe, "DISABLED"],
462 // wmŋr.com
463 ["xn--wmr-jxa.com", "wm\u014br.com", kUnsafe, "DISABLED"],
464 // шмпґ.com
465 ["xn--l1agz80a.com", "\u0448\u043c\u043f\u0491.com", kUnsafe, "DISABLED"],
466 // щмпґ.com
467 ["xn--l1ag2a0y.com", "\u0449\u043c\u043f\u0491.com", kUnsafe, "DISABLED"],
468 // щӎпґ.com
469 ["xn--o1at1tsi.com", "\u0449\u04ce\u043f\u0491.com", kUnsafe, "DISABLED"],
470 // ґғ.com
471 ["xn--03ae.com", "\u0491\u0493.com", kUnsafe, "DISABLED"],
472 // ґӻ.com
473 ["xn--03a6s.com", "\u0491\u04fb.com", kUnsafe, "DISABLED"],
474 // ҫұҳҽ.com
475 ["xn--r4amg4b.com", "\u04ab\u04b1\u04b3\u04bd.com", kUnsafe, "DISABLED"],
476 // ҫұӽҽ.com
477 ["xn--r4am0b8r.com", "\u04ab\u04b1\u04fd\u04bd.com", kUnsafe, "DISABLED"],
478 // ҫұӿҽ.com
479 ["xn--r4am0b3s.com", "\u04ab\u04b1\u04ff\u04bd.com", kUnsafe, "DISABLED"],
480 // ҫұӿҿ.com
481 ["xn--r4am6b4p.com", "\u04ab\u04b1\u04ff\u04bf.com", kUnsafe, "DISABLED"],
482 // ҫұӿє.com
483 ["xn--91a7osa62a.com", "\u04ab\u04b1\u04ff\u0454.com", kUnsafe, "DISABLED"],
484 // ӏԃԍ.com
485 ["xn--s5a8h4a.com", "\u04cf\u0503\u050d.com", kUnsafe],
487 // U+04CF(ӏ) is mapped to multiple characters, lowercase L(l) and
488 // lowercase I(i). Lowercase L is also regarded as similar to digit 1.
489 // The test domain list has {ig, ld, 1gd}.com for Cyrillic.
490 // ӏԍ.com
491 ["xn--s5a8j.com", "\u04cf\u050d.com", kUnsafe],
492 // ӏԃ.com
493 ["xn--s5a8h.com", "\u04cf\u0503.com", kUnsafe],
494 // ӏԍԃ.com
495 ["xn--s5a8h3a.com", "\u04cf\u050d\u0503.com", kUnsafe],
497 // 1շ34567890.com
498 ["xn--134567890-gnk.com", "1\u057734567890.com", kUnsafe, "DISABLED"],
499 // ꓲ2345б7890.com
500 ["xn--23457890-e7g93622b.com", "\ua4f22345\u04317890.com", kUnsafe],
501 // 1ᒿ345б7890.com
502 ["xn--13457890-e7g0943b.com", "1\u14bf345\u04317890.com", kUnsafe],
503 // 12з4567890.com
504 ["xn--124567890-10h.com", "12\u04374567890.com", kUnsafe, "DISABLED"],
505 // 12ҙ4567890.com
506 ["xn--124567890-1ti.com", "12\u04994567890.com", kUnsafe, "DISABLED"],
507 // 12ӡ4567890.com
508 ["xn--124567890-mfj.com", "12\u04e14567890.com", kUnsafe, "DISABLED"],
509 // 12उ4567890.com
510 ["xn--124567890-m3r.com", "12\u09094567890.com", kUnsafe, "DISABLED"],
511 // 12ও4567890.com
512 ["xn--124567890-17s.com", "12\u09934567890.com", kUnsafe, "DISABLED"],
513 // 12ਤ4567890.com
514 ["xn--124567890-hfu.com", "12\u0a244567890.com", kUnsafe, "DISABLED"],
515 // 12ဒ4567890.com
516 ["xn--124567890-6s6a.com", "12\u10124567890.com", kUnsafe, "DISABLED"],
517 // 12ვ4567890.com
518 ["xn--124567890-we8a.com", "12\u10D54567890.com", kUnsafe, "DISABLED"],
519 // 12პ4567890.com
520 ["xn--124567890-hh8a.com", "12\u10DE4567890.com", kUnsafe, "DISABLED"],
521 // 123ㄐ567890.com
522 ["xn--123567890-dr5h.com", "123ㄐ567890.com", kUnsafe, "DISABLED"],
523 // 123Ꮞ567890.com
524 ["xn--123567890-dm4b.com", "123\u13ce567890.com", kUnsafe],
525 // 12345б7890.com
526 ["xn--123457890-fzh.com", "12345\u04317890.com", kUnsafe, "DISABLED"],
527 // 12345ճ7890.com
528 ["xn--123457890-fmk.com", "12345ճ7890.com", kUnsafe, "DISABLED"],
529 // 1234567ȣ90.com
530 ["xn--123456790-6od.com", "1234567\u022390.com", kUnsafe],
531 // 12345678୨0.com
532 ["xn--123456780-71w.com", "12345678\u0b680.com", kUnsafe],
533 // 123456789ଠ.com
534 ["xn--123456789-ohw.com", "123456789\u0b20.com", kUnsafe, "DISABLED"],
535 // 123456789ꓳ.com
536 ["xn--123456789-tx75a.com", "123456789\ua4f3.com", kUnsafe],
538 // aeœ.com
539 ["xn--ae-fsa.com", "ae\u0153.com", kUnsafe, "DISABLED"],
540 // æce.com
541 ["xn--ce-0ia.com", "\u00e6ce.com", kUnsafe, "DISABLED"],
542 // æœ.com
543 ["xn--6ca2t.com", "\u00e6\u0153.com", kUnsafe, "DISABLED"],
544 // ӕԥ.com
545 ["xn--y5a4n.com", "\u04d5\u0525.com", kUnsafe, "DISABLED"],
547 // ငၔဌ၂ဝ.com (entirely made of Myanmar characters)
548 ["xn--ridq5c9hnd.com", "\u1004\u1054\u100c\u1042\u101d.com", kUnsafe, "DISABLED"],
550 // ฟรฟร.com (made of two Thai characters. similar to wsws.com in
551 // some fonts)
552 ["xn--w3calb.com", "\u0e1f\u0e23\u0e1f\u0e23.com", kUnsafe, "DISABLED"],
553 // พรบ.com
554 ["xn--r3chp.com", "\u0e1e\u0e23\u0e1a.com", kUnsafe, "DISABLED"],
555 // ฟรบ.com
556 ["xn--r3cjm.com", "\u0e1f\u0e23\u0e1a.com", kUnsafe, "DISABLED"],
558 // Lao characters that look like w, s, o, and u.
559 // ພຣບ.com
560 ["xn--f7chp.com", "\u0e9e\u0ea3\u0e9a.com", kUnsafe, "DISABLED"],
561 // ຟຣບ.com
562 ["xn--f7cjm.com", "\u0e9f\u0ea3\u0e9a.com", kUnsafe, "DISABLED"],
563 // ຟຮບ.com
564 ["xn--f7cj9b.com", "\u0e9f\u0eae\u0e9a.com", kUnsafe, "DISABLED"],
565 // ຟຮ໐ບ.com
566 ["xn--f7cj9b5h.com", "\u0e9f\u0eae\u0ed0\u0e9a.com", kUnsafe, "DISABLED"],
568 // Lao character that looks like n.
569 // ก11.com
570 ["xn--11-lqi.com", "\u0e0111.com", kUnsafe, "DISABLED"],
572 // At one point the skeleton of 'w' was 'vv', ensure that
573 // that it's treated as 'w'.
574 ["xn--wder-qqa.com", "w\u00f3der.com", kUnsafe, "DISABLED"],
576 // Mixed digits: the first two will also fail mixed script test
577 // Latin + ASCII digit + Deva digit
578 ["xn--asc1deva-j0q.co.in", "asc1deva\u0967.co.in", kUnsafe],
579 // Latin + Deva digit + Beng digit
580 ["xn--devabeng-f0qu3f.co.in", "deva\u0967beng\u09e7.co.in", kUnsafe],
581 // ASCII digit + Deva digit
582 ["xn--79-v5f.co.in", "7\u09ea9.co.in", kUnsafe],
583 // Deva digit + Beng digit
584 ["xn--e4b0x.co.in", "\u0967\u09e7.co.in", kUnsafe],
585 // U+4E00 (CJK Ideograph One) is not a digit, but it's not allowed next to
586 // non-Kana scripts including numbers.
587 ["xn--d12-s18d.cn", "d12\u4e00.cn", kUnsafe, "DISABLED"],
588 // One that's really long that will force a buffer realloc
589 ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", kSafe],
591 // Not allowed; characters outside [:Identifier_Status=Allowed:]
592 // Limited Use Scripts: UTS 31 Table 7.
593 // Vai
594 ["xn--sn8a.com", "\ua50b.com", kUnsafe],
595 // 'CARD' look-alike in Cherokee
596 ["xn--58db0a9q.com", "\u13df\u13aa\u13a1\u13a0.com", kUnsafe],
597 // Scripts excluded from Identifiers: UTS 31 Table 4
598 // Coptic
599 ["xn--5ya.com", "\u03e7.com", kUnsafe],
600 // Old Italic
601 ["xn--097cc.com", "\U00010300\U00010301.com", kUnsafe],
603 // U+115F (Hangul Filler)
604 ["xn--osd3820f24c.kr", "\uac00\ub098\u115f.kr", kInvalid],
605 ["www.xn--google-ho0coa.com", "www.\u2039google\u203a.com", kUnsafe],
606 // Latin small capital w: hardᴡare.com
607 ["xn--hardare-l41c.com", "hard\u1d21are.com", kUnsafe],
608 // Minus Sign(U+2212)
609 ["xn--t9g238xc2a.jp", "\u65e5\u2212\u672c.jp", kUnsafe],
610 // Latin Small Letter Script G: ɡɡ.com
611 ["xn--0naa.com", "\u0261\u0261.com", kUnsafe],
612 // Hangul Jamo(U+11xx)
613 ["xn--0pdc3b.com", "\u1102\u1103\u1110.com", kUnsafe],
614 // degree sign: 36°c.com
615 ["xn--36c-tfa.com", "36\u00b0c.com", kUnsafe],
616 // Pound sign
617 ["xn--5free-fga.com", "5free\u00a3.com", kUnsafe],
618 // Hebrew points (U+05B0, U+05B6)
619 ["xn--7cbl2kc2a.com", "\u05e1\u05b6\u05e7\u05b0\u05e1.com", kUnsafe],
620 // Danda(U+0964)
621 ["xn--81bp1b6ch8s.com", "\u0924\u093f\u091c\u0964\u0930\u0940.com", kUnsafe],
622 // Small letter script G(U+0261)
623 ["xn--oogle-qmc.com", "\u0261oogle.com", kUnsafe],
624 // Small Katakana Extension(U+31F1)
625 ["xn--wlk.com", "\u31f1.com", kUnsafe],
626 // Heart symbol: ♥
627 ["xn--ab-u0x.com", "ab\u2665.com", kUnsafe],
628 // Emoji
629 ["xn--vi8hiv.xyz", "\U0001f355\U0001f4a9.xyz", kUnsafe],
630 // Registered trade mark
631 ["xn--egistered-fna.com", "\u00aeegistered.com", kUnsafe],
632 // Latin Letter Retroflex Click
633 ["xn--registered-25c.com", "registered\u01c3.com", kUnsafe],
634 // ASCII '!' not allowed in IDN
635 ["xn--!-257eu42c.kr", "\uc548\ub155!.kr", kUnsafe],
636 // 'GOOGLE' in IPA extension: ɢᴏᴏɢʟᴇ
637 ["xn--1naa7pn51hcbaa.com", "\u0262\u1d0f\u1d0f\u0262\u029f\u1d07.com", kUnsafe],
638 // Padlock icon spoof.
639 ["xn--google-hj64e.com", "\U0001f512google.com", kUnsafe],
641 // Custom block list
642 // Combining Long Solidus Overlay
643 ["google.xn--comabc-k8d", "google.com\u0338abc", kUnsafe],
644 // Hyphenation Point instead of Katakana Middle dot
645 ["xn--svgy16dha.jp", "\u30a1\u2027\u30a3.jp", kUnsafe],
646 // Gershayim with other Hebrew characters is allowed.
647 ["xn--5db6bh9b.il", "\u05e9\u05d1\u05f4\u05e6.il", kSafe, "DISABLED"],
648 // Hebrew Gershayim with Latin is invalid according to Python's idna
649 // package.
650 ["xn--ab-yod.com", "a\u05f4b.com", kInvalid],
651 // Hebrew Gershayim with Arabic is disallowed.
652 ["xn--5eb7h.eg", "\u0628\u05f4.eg", kUnsafe],
653 // #if BUILDFLAG(IS_APPLE)
654 // These characters are blocked due to a font issue on Mac.
655 // Tibetan transliteration characters.
656 ["xn--com-lum.test.pl", "com\u0f8c.test.pl", kUnsafe],
657 // Arabic letter KASHMIRI YEH
658 ["xn--fgb.com", "\u0620.com", kUnsafe, "DISABLED"],
659 // #endif
661 // Hyphens (http://unicode.org/cldr/utility/confusables.jsp?a=-)
662 // Hyphen-Minus (the only hyphen allowed)
663 // abc-def
664 ["abc-def.com", "abc-def.com", kSafe],
665 // Modifier Letter Minus Sign
666 ["xn--abcdef-5od.com", "abc\u02d7def.com", kUnsafe],
667 // Hyphen
668 ["xn--abcdef-dg0c.com", "abc\u2010def.com", kUnsafe],
669 // Non-Breaking Hyphen
670 // This is actually an invalid IDNA domain (U+2011 normalizes to U+2010),
671 // but it is included to ensure that we do not inadvertently allow this
672 // character to be displayed as Unicode.
673 ["xn--abcdef-kg0c.com", "abc\u2011def.com", kInvalid],
674 // Figure Dash.
675 // Python's idna package refuses to decode the minus signs and dashes. ICU
676 // decodes them but treats them as unsafe in spoof checks, so these test
677 // cases are marked as unsafe instead of invalid.
678 ["xn--abcdef-rg0c.com", "abc\u2012def.com", kUnsafe],
679 // En Dash
680 ["xn--abcdef-yg0c.com", "abc\u2013def.com", kUnsafe],
681 // Hyphen Bullet
682 ["xn--abcdef-kq0c.com", "abc\u2043def.com", kUnsafe],
683 // Minus Sign
684 ["xn--abcdef-5d3c.com", "abc\u2212def.com", kUnsafe],
685 // Heavy Minus Sign
686 ["xn--abcdef-kg1d.com", "abc\u2796def.com", kUnsafe],
687 // Em Dash
688 // Small Em Dash (U+FE58) is normalized to Em Dash.
689 ["xn--abcdef-5g0c.com", "abc\u2014def.com", kUnsafe],
690 // Coptic Small Letter Dialect-P Ni. Looks like dash.
691 // Coptic Capital Letter Dialect-P Ni is normalized to small letter.
692 ["xn--abcdef-yy8d.com", "abc\u2cbbdef.com", kUnsafe],
694 // Block NV8 (Not valid in IDN 2008) characters.
695 // U+058A (֊)
696 ["xn--ab-vfd.com", "a\u058ab.com", kUnsafe],
697 ["xn--y9ac3j.com", "\u0561\u058a\u0562.com", kUnsafe],
698 // U+2019 (’)
699 ["xn--ab-n2t.com", "a\u2019b.com", kUnsafe],
700 // U+2027 (‧)
701 ["xn--ab-u3t.com", "a\u2027b.com", kUnsafe],
702 // U+30A0 (゠)
703 ["xn--ab-bg4a.com", "a\u30a0b.com", kUnsafe],
704 ["xn--9bk3828aea.com", "\uac00\u30a0\uac01.com", kUnsafe],
705 ["xn--9bk279fba.com", "\u4e00\u30a0\u4e00.com", kUnsafe],
706 ["xn--n8jl2x.com", "\u304a\u30a0\u3044.com", kUnsafe],
707 ["xn--fbke7f.com", "\u3082\u30a0\u3084.com", kUnsafe],
709 // Block single/double-quote-like characters.
710 // U+02BB (ʻ)
711 ["xn--ab-8nb.com", "a\u02bbb.com", kUnsafe, "DISABLED"],
712 // U+02BC (ʼ)
713 ["xn--ab-cob.com", "a\u02bcb.com", kUnsafe, "DISABLED"],
714 // U+144A: Not allowed to mix with scripts other than Canadian Syllabics.
715 ["xn--ab-jom.com", "a\u144ab.com", kUnsafe],
716 ["xn--xcec9s.com", "\u1401\u144a\u1402.com", kUnsafe],
718 // Custom dangerous patterns
719 // Two Katakana-Hiragana combining mark in a row
720 ["google.xn--com-oh4ba.evil.jp", "google.com\u309a\u309a.evil.jp", kUnsafe],
721 // Katakana Letter No not enclosed by {Han,Hiragana,Katakana}.
722 ["google.xn--comevil-v04f.jp", "google.com\u30ceevil.jp", kUnsafe, "DISABLED"],
723 // TODO(jshin): Review the danger of allowing the following two.
724 // Hiragana 'No' by itself is allowed.
725 ["xn--ldk.jp", "\u30ce.jp", kSafe],
726 // Hebrew Gershayim used by itself is allowed.
727 ["xn--5eb.il", "\u05f4.il", kSafe, "DISABLED"],
729 // Block RTL nonspacing marks (NSM) after unrelated scripts.
730 ["xn--foog-ycg.com", "foog\u0650.com", kUnsafe], // Latin + Arabic N]M
731 ["xn--foog-jdg.com", "foog\u0654.com", kUnsafe], // Latin + Arabic N]M
732 ["xn--foog-jhg.com", "foog\u0670.com", kUnsafe], // Latin + Arbic N]M
733 ["xn--foog-opf.com", "foog\u05b4.com", kUnsafe], // Latin + Hebrew N]M
734 ["xn--shb5495f.com", "\uac00\u0650.com", kUnsafe], // Hang + Arabic N]M
736 // 4 Deviation characters between IDNA 2003 and IDNA 2008
737 // When entered in Unicode, the first two are mapped to 'ss' and Greek sigma
738 // and the latter two are mapped away. However, the punycode form should
739 // remain in punycode.
740 // U+00DF(sharp-s)
741 ["xn--fu-hia.de", "fu\u00df.de", kUnsafe, "DISABLED"],
742 // U+03C2(final-sigma)
743 ["xn--mxac2c.gr", "\u03b1\u03b2\u03c2.gr", kUnsafe, "DISABLED"],
744 // U+200C(ZWNJ)
745 ["xn--h2by8byc123p.in", "\u0924\u094d\u200c\u0930\u093f.in", kUnsafe],
746 // U+200C(ZWJ)
747 ["xn--11b6iy14e.in", "\u0915\u094d\u200d.in", kUnsafe],
749 // Math Monospace Small A. When entered in Unicode, it's canonicalized to
750 // 'a'. The punycode form should remain in punycode.
751 ["xn--bc-9x80a.xyz", "\U0001d68abc.xyz", kInvalid],
752 // Math Sans Bold Capital Alpha
753 ["xn--bc-rg90a.xyz", "\U0001d756bc.xyz", kInvalid],
754 // U+3000 is canonicalized to a space(U+0020), but the punycode form
755 // should remain in punycode.
756 ["xn--p6j412gn7f.cn", "\u4e2d\u56fd\u3000", kInvalid],
757 // U+3002 is canonicalized to ASCII fullstop(U+002E), but the punycode form
758 // should remain in punycode.
759 ["xn--r6j012gn7f.cn", "\u4e2d\u56fd\u3002", kInvalid],
760 // Invalid punycode
761 // Has a codepoint beyond U+10FFFF.
762 ["xn--krank-kg706554a", "", kInvalid],
763 // '?' in punycode.
764 ["xn--hello?world.com", "", kInvalid],
766 // Not allowed in UTS46/IDNA 2008
767 // Georgian Capital Letter(U+10BD)
768 ["xn--1nd.com", "\u10bd.com", kInvalid],
769 // 3rd and 4th characters are '-'.
770 ["xn-----8kci4dhsd", "\u0440\u0443--\u0430\u0432\u0442\u043e", kInvalid],
771 // Leading combining mark
772 ["xn--72b.com", "\u093e.com", kInvalid],
773 // BiDi check per IDNA 2008/UTS 46
774 // Cannot starts with AN(Arabic-Indic Number)
775 ["xn--8hbae.eg", "\u0662\u0660\u0660.eg", kInvalid],
776 // Cannot start with a RTL character and ends with a LTR
777 ["xn--x-ymcov.eg", "\u062c\u0627\u0631x.eg", kInvalid],
778 // Can start with a RTL character and ends with EN(European Number)
779 ["xn--2-ymcov.eg", "\u062c\u0627\u06312.eg", kSafe],
780 // Can start with a RTL and end with AN
781 ["xn--mgbjq0r.eg", "\u062c\u0627\u0631\u0662.eg", kSafe],
783 // Extremely rare Latin letters
784 // Latin Ext B - Pinyin: ǔnion.com
785 ["xn--nion-unb.com", "\u01d4nion.com", kUnsafe, "DISABLED"],
786 // Latin Ext C: ⱴase.com
787 ["xn--ase-7z0b.com", "\u2c74ase.com", kUnsafe],
788 // Latin Ext D: ꝴode.com
789 ["xn--ode-ut3l.com", "\ua774ode.com", kUnsafe],
790 // Latin Ext Additional: ḷily.com
791 ["xn--ily-n3y.com", "\u1e37ily.com", kUnsafe, "DISABLED"],
792 // Latin Ext E: ꬺove.com
793 ["xn--ove-8y6l.com", "\uab3aove.com", kUnsafe],
794 // Greek Ext: ᾳβγ.com
795 ["xn--nxac616s.com", "\u1fb3\u03b2\u03b3.com", kInvalid],
796 // Cyrillic Ext A (label cannot begin with an illegal combining character).
797 ["xn--lrj.com", "\u2def.com", kInvalid],
798 // Cyrillic Ext B: ꙡ.com
799 ["xn--kx8a.com", "\ua661.com", kUnsafe],
800 // Cyrillic Ext C: ᲂ.com (Narrow o)
801 ["xn--43f.com", "\u1c82.com", kInvalid],
803 // The skeleton of Extended Arabic-Indic Digit Zero (۰) is a dot. Check that
804 // this is handled correctly (crbug/877045).
805 ["xn--dmb", "\u06f0", kSafe],
807 // Test that top domains whose skeletons are the same as the domain name are
808 // handled properly. In this case, tést.net should match test.net top
809 // domain and not be converted to unicode.
810 ["xn--tst-bma.net", "t\u00e9st.net", kUnsafe, "DISABLED"],
811 // Variations of the above, for testing crbug.com/925199.
812 // some.tést.net should match test.net.
813 ["some.xn--tst-bma.net", "some.t\u00e9st.net", kUnsafe, "DISABLED"],
814 // The following should not match test.net, so should be converted to
815 // unicode.
816 // ést.net (a suffix of tést.net).
817 ["xn--st-9ia.net", "\u00e9st.net", kSafe],
818 // some.ést.net
819 ["some.xn--st-9ia.net", "some.\u00e9st.net", kSafe],
820 // atést.net (tést.net is a suffix of atést.net)
821 ["xn--atst-cpa.net", "at\u00e9st.net", kSafe],
822 // some.atést.net
823 ["some.xn--atst-cpa.net", "some.at\u00e9st.net", kSafe],
825 // Modifier-letter-voicing should be blocked (wwwˬtest.com).
826 ["xn--wwwtest-2be.com", "www\u02ectest.com", kUnsafe, "DISABLED"],
828 // oĸ.com: Not a top domain, should be blocked because of Kra.
829 ["xn--o-tka.com", "o\u0138.com", kUnsafe],
831 // U+4E00 and U+3127 should be blocked when next to non-CJK.
832 ["xn--ipaddress-w75n.com", "ip\u4e00address.com", kUnsafe, "DISABLED"],
833 ["xn--ipaddress-wx5h.com", "ip\u3127address.com", kUnsafe, "DISABLED"],
834 // U+4E00 and U+3127 at the beginning and end of a string.
835 ["xn--google-gg5e.com", "google\u3127.com", kUnsafe, "DISABLED"],
836 ["xn--google-9f5e.com", "\u3127google.com", kUnsafe, "DISABLED"],
837 ["xn--google-gn7i.com", "google\u4e00.com", kUnsafe, "DISABLED"],
838 ["xn--google-9m7i.com", "\u4e00google.com", kUnsafe, "DISABLED"],
839 // These are allowed because U+4E00 and U+3127 are not immediately next to
840 // non-CJK.
841 ["xn--gamer-fg1hz05u.com", "\u4e00\u751fgamer.com", kSafe],
842 ["xn--gamer-kg1hy05u.com", "gamer\u751f\u4e00.com", kSafe],
843 ["xn--gamer-f94d4426b.com", "\u3127\u751fgamer.com", kSafe],
844 ["xn--gamer-k94d3426b.com", "gamer\u751f\u3127.com", kSafe],
845 ["xn--4gqz91g.com", "\u4e00\u732b.com", kSafe],
846 ["xn--4fkv10r.com", "\u3127\u732b.com", kSafe],
847 // U+4E00 with another ideograph.
848 ["xn--4gqc.com", "\u4e00\u4e01.com", kSafe],
850 // CJK ideographs looking like slashes should be blocked when next to
851 // non-CJK.
852 ["example.xn--comtest-k63k", "example.com\u4e36test", kUnsafe, "DISABLED"],
853 ["example.xn--comtest-u83k", "example.com\u4e40test", kUnsafe, "DISABLED"],
854 ["example.xn--comtest-283k", "example.com\u4e41test", kUnsafe, "DISABLED"],
855 ["example.xn--comtest-m83k", "example.com\u4e3ftest", kUnsafe, "DISABLED"],
856 // This is allowed because the ideographs are not immediately next to
857 // non-CJK.
858 ["xn--oiqsace.com", "\u4e36\u4e40\u4e41\u4e3f.com", kSafe],
860 // Kana voiced sound marks are not allowed.
861 ["xn--google-1m4e.com", "google\u3099.com", kUnsafe],
862 ["xn--google-8m4e.com", "google\u309A.com", kUnsafe],
864 // Small letter theta looks like a zero.
865 ["xn--123456789-yzg.com", "123456789\u03b8.com", kUnsafe, "DISABLED"],
867 ["xn--est-118d.net", "\u4e03est.net", kUnsafe, "DISABLED"],
868 ["xn--est-918d.net", "\u4e05est.net", kUnsafe, "DISABLED"],
869 ["xn--est-e28d.net", "\u4e06est.net", kUnsafe, "DISABLED"],
870 ["xn--est-t18d.net", "\u4e01est.net", kUnsafe, "DISABLED"],
871 ["xn--3-cq6a.com", "\u4e293.com", kUnsafe, "DISABLED"],
872 ["xn--cxe-n68d.com", "c\u4e2bxe.com", kUnsafe, "DISABLED"],
873 ["xn--cye-b98d.com", "cy\u4e42e.com", kUnsafe, "DISABLED"],
875 // U+05D7 can look like Latin n in many fonts.
876 ["xn--ceba.com", "\u05d7\u05d7.com", kUnsafe, "DISABLED"],
878 // U+00FE (þ) and U+00F0 (ð) are only allowed under the .is TLD.
879 ["xn--acdef-wva.com", "a\u00fecdef.com", kUnsafe, "DISABLED"],
880 ["xn--mnpqr-jta.com", "mn\u00f0pqr.com", kUnsafe, "DISABLED"],
881 ["xn--acdef-wva.is", "a\u00fecdef.is", kSafe],
882 ["xn--mnpqr-jta.is", "mn\u00f0pqr.is", kSafe],
884 // U+0259 (ə) is only allowed under the .az TLD.
885 ["xn--xample-vyc.com", "\u0259xample.com", kUnsafe, "DISABLED"],
886 ["xn--xample-vyc.az", "\u0259xample.az", kSafe],
888 // U+00B7 is only allowed on Catalan domains between two l's.
889 ["xn--googlecom-5pa.com", "google\u00b7com.com", kUnsafe, "DISABLED"],
890 ["xn--ll-0ea.com", "l\u00b7l.com", kUnsafe, "DISABLED"],
891 ["xn--ll-0ea.cat", "l\u00b7l.cat", kSafe],
892 ["xn--al-0ea.cat", "a\u00b7l.cat", kUnsafe, "DISABLED"],
893 ["xn--la-0ea.cat", "l\u00b7a.cat", kUnsafe, "DISABLED"],
894 ["xn--l-fda.cat", "\u00b7l.cat", kUnsafe, "DISABLED"],
895 ["xn--l-gda.cat", "l\u00b7.cat", kUnsafe, "DISABLED"],
897 ["xn--googlecom-gk6n.com", "google\u4e28com.com", kUnsafe, "DISABLED"],
898 ["xn--googlecom-0y6n.com", "google\u4e5bcom.com", kUnsafe, "DISABLED"],
899 ["xn--googlecom-v85n.com", "google\u4e03com.com", kUnsafe, "DISABLED"],
900 ["xn--googlecom-g95n.com", "google\u4e05com.com", kUnsafe, "DISABLED"],
901 ["xn--googlecom-go6n.com", "google\u4e36com.com", kUnsafe, "DISABLED"],
902 ["xn--googlecom-b76o.com", "google\u5341com.com", kUnsafe, "DISABLED"],
903 ["xn--googlecom-ql3h.com", "google\u3007com.com", kUnsafe, "DISABLED"],
904 ["xn--googlecom-0r5h.com", "google\u3112com.com", kUnsafe, "DISABLED"],
905 ["xn--googlecom-bu5h.com", "google\u311acom.com", kUnsafe, "DISABLED"],
906 ["xn--googlecom-qv5h.com", "google\u311fcom.com", kUnsafe, "DISABLED"],
907 ["xn--googlecom-0x5h.com", "google\u3127com.com", kUnsafe, "DISABLED"],
908 ["xn--googlecom-by5h.com", "google\u3128com.com", kUnsafe, "DISABLED"],
909 ["xn--googlecom-ly5h.com", "google\u3129com.com", kUnsafe, "DISABLED"],
910 ["xn--googlecom-5o5h.com", "google\u3108com.com", kUnsafe, "DISABLED"],
911 ["xn--googlecom-075n.com", "google\u4e00com.com", kUnsafe, "DISABLED"],
912 ["xn--googlecom-046h.com", "google\u31bacom.com", kUnsafe, "DISABLED"],
913 ["xn--googlecom-026h.com", "google\u31b3com.com", kUnsafe, "DISABLED"],
914 ["xn--googlecom-lg9q.com", "google\u5de5com.com", kUnsafe, "DISABLED"],
915 ["xn--googlecom-g040a.com", "google\u8ba0com.com", kUnsafe, "DISABLED"],
916 ["xn--googlecom-b85n.com", "google\u4e01com.com", kUnsafe, "DISABLED"],
918 // Whole-script-confusables. Cyrillic is sufficiently handled in cases above
919 // so it's not included here.
920 // Armenian:
921 ["xn--mbbkpm.com", "\u0578\u057d\u0582\u0585.com", kUnsafe, "DISABLED"],
922 ["xn--mbbkpm.am", "\u0578\u057d\u0582\u0585.am", kSafe],
923 ["xn--mbbkpm.xn--y9a3aq", "\u0578\u057d\u0582\u0585.\u0570\u0561\u0575", kSafe],
924 // Ethiopic:
925 ["xn--6xd66aa62c.com", "\u1220\u12d0\u12d0\u1350.com", kUnsafe, "DISABLED"],
926 ["xn--6xd66aa62c.et", "\u1220\u12d0\u12d0\u1350.et", kSafe],
927 ["xn--6xd66aa62c.xn--m0d3gwjla96a", "\u1220\u12d0\u12d0\u1350.\u12a2\u1275\u12ee\u1335\u12eb", kSafe],
928 // Greek:
929 ["xn--mxapd.com", "\u03b9\u03ba\u03b1.com", kUnsafe, "DISABLED"],
930 ["xn--mxapd.gr", "\u03b9\u03ba\u03b1.gr", kSafe],
931 ["xn--mxapd.xn--qxam", "\u03b9\u03ba\u03b1.\u03b5\u03bb", kSafe],
932 // Georgian:
933 ["xn--gpd3ag.com", "\u10fd\u10ff\u10ee.com", kUnsafe, "DISABLED"],
934 ["xn--gpd3ag.ge", "\u10fd\u10ff\u10ee.ge", kSafe],
935 ["xn--gpd3ag.xn--node", "\u10fd\u10ff\u10ee.\u10d2\u10d4", kSafe],
936 // Hebrew:
937 ["xn--7dbh4a.com", "\u05d7\u05e1\u05d3.com", kUnsafe, "DISABLED"],
938 ["xn--7dbh4a.il", "\u05d7\u05e1\u05d3.il", kSafe],
939 ["xn--9dbq2a.xn--7dbh4a", "\u05e7\u05d5\u05dd.\u05d7\u05e1\u05d3", kSafe],
940 // Myanmar:
941 ["xn--oidbbf41a.com", "\u1004\u1040\u1002\u1001\u1002.com", kUnsafe, "DISABLED"],
942 ["xn--oidbbf41a.mm", "\u1004\u1040\u1002\u1001\u1002.mm", kSafe],
943 ["xn--oidbbf41a.xn--7idjb0f4ck", "\u1004\u1040\u1002\u1001\u1002.\u1019\u103c\u1014\u103a\u1019\u102c", kSafe],
944 // Myanmar Shan digits:
945 ["xn--rmdcmef.com", "\u1090\u1091\u1095\u1096\u1097.com", kUnsafe, "DISABLED"],
946 ["xn--rmdcmef.mm", "\u1090\u1091\u1095\u1096\u1097.mm", kSafe],
947 ["xn--rmdcmef.xn--7idjb0f4ck", "\u1090\u1091\u1095\u1096\u1097.\u1019\u103c\u1014\u103a\u1019\u102c", kSafe],
948 // Thai:
949 // #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
950 ["xn--o3cedqz2c.com", "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.com", kUnsafe, "DISABLED"],
951 ["xn--o3cedqz2c.th", "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.th", kSafe],
952 ["xn--o3cedqz2c.xn--o3cw4h", "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.\u0e44\u0e17\u0e22", kSafe],
953 // #else
954 ["xn--r3ch7hsc.com", "\u0e1e\u0e1a\u0e40\u0e50.com", kUnsafe, "DISABLED"],
955 ["xn--r3ch7hsc.th", "\u0e1e\u0e1a\u0e40\u0e50.th", kSafe],
956 ["xn--r3ch7hsc.xn--o3cw4h", "\u0e1e\u0e1a\u0e40\u0e50.\u0e44\u0e17\u0e22", kSafe],
957 // #endif
959 // Indic scripts:
960 // Bengali:
961 ["xn--07baub.com", "\u09e6\u09ed\u09e6\u09ed.com", kUnsafe, "DISABLED"],
962 // Devanagari:
963 ["xn--62ba6j.com", "\u093d\u0966\u093d.com", kUnsafe, "DISABLED"],
964 // Gujarati:
965 ["xn--becd.com", "\u0aa1\u0a9f.com", kUnsafe, "DISABLED"],
966 // Gurmukhi:
967 ["xn--occacb.com", "\u0a66\u0a67\u0a66\u0a67.com", kUnsafe, "DISABLED"],
968 // Kannada:
969 ["xn--stca6jf.com", "\u0cbd\u0ce6\u0cbd\u0ce7.com", kUnsafe, "DISABLED"],
970 // Malayalam:
971 ["xn--lwccv.com", "\u0d1f\u0d20\u0d27.com", kUnsafe, "DISABLED"],
972 // Oriya:
973 ["xn--zhca6ub.com", "\u0b6e\u0b20\u0b6e\u0b20.com", kUnsafe, "DISABLED"],
974 // Tamil:
975 ["xn--mlca6ab.com", "\u0b9f\u0baa\u0b9f\u0baa.com", kUnsafe, "DISABLED"],
976 // Telugu:
977 ["xn--brcaabbb.com", "\u0c67\u0c66\u0c67\u0c66\u0c67\u0c66.com", kUnsafe, "DISABLED"],
979 // IDN domain matching an IDN top-domain (f\u00f3\u00f3.com)
980 ["xn--fo-5ja.com", "f\u00f3o.com", kUnsafe, "DISABLED"],
982 // crbug.com/769547: Subdomains of top domains should be allowed.
983 ["xn--xample-9ua.test.net", "\u00e9xample.test.net", kSafe],
984 // Skeleton of the eTLD+1 matches a top domain, but the eTLD+1 itself is
985 // not a top domain. Should not be decoded to unicode.
986 ["xn--xample-9ua.test.xn--nt-bja", "\u00e9xample.test.n\u00e9t", kUnsafe, "DISABLED"],
988 // Digit lookalike check of 16კ.com with character “კ” (U+10D9)
989 // Test case for https://crbug.com/1156531
990 ["xn--16-1ik.com", "16\u10d9.com", kUnsafe, "DISABLED"],
992 // Skeleton generator check of officeკ65.com with character “კ” (U+10D9)
993 // Test case for https://crbug.com/1156531
994 ["xn--office65-l04a.com", "office\u10d965.com", kUnsafe],
996 // Digit lookalike check of 16ੜ.com with character “ੜ” (U+0A5C)
997 // Test case for https://crbug.com/1156531 (missed skeleton map)
998 ["xn--16-ogg.com", "16\u0a5c.com", kUnsafe, "DISABLED"],
1000 // Skeleton generator check of officeੜ65.com with character “ੜ” (U+0A5C)
1001 // Test case for https://crbug.com/1156531 (missed skeleton map)
1002 ["xn--office65-hts.com", "office\u0a5c65.com", kUnsafe],
1004 // New test cases go ↑↑ above.
1006 // /!\ WARNING: You MUST use tools/security/idn_test_case_generator.py to
1007 // generate new test cases, as specified by the comment at the top of this
1008 // test list. Why must you use that python script?
1009 // 1. It is easy to get things wrong. There were several hand-crafted
1010 // incorrect test cases committed that was later fixed.
1011 // 2. This test _also_ is a test of Chromium's IDN encoder/decoder, so using
1012 // Chromium's IDN encoder/decoder to generate test files loses an
1013 // advantage of having Python's IDN encode/decode the tests.
1014 ];
1016 function checkEquals(a, b, message, expectedFail) {
1017 if (!expectedFail) {
1018 Assert.equal(a, b, message);
1019 } else {
1020 Assert.notEqual(a, b, `EXPECTED-FAIL: ${message}`);
1021 }
1022 }
1024 add_task(async function test_chrome_spoofs() {
1025 for (let test of testCases) {
1026 let isAscii = {};
1027 let result = idnService.convertToDisplayIDN(test[0], isAscii);
1028 let expectedFail = test.length == 4 && test[3] == "DISABLED";
1029 if (test[2] == kSafe) {
1030 checkEquals(
1031 result,
1032 test[1],
1033 `kSafe label ${test[0]} should convert to ${test[1]}`,
1034 expectedFail
1035 );
1036 } else if (test[2] == kUnsafe) {
1037 checkEquals(
1038 result,
1039 test[0],
1040 `kUnsafe label ${test[0]} should not convert to ${test[1]}`,
1041 expectedFail
1042 );
1043 } else if (test[2] == kInvalid) {
1044 checkEquals(
1045 result,
1046 test[0],
1047 `kInvalid label ${test[0]} should stay the same`,
1048 expectedFail
1049 );
1050 }
1051 }
1052 });