* lisp/international/textsec.el (textsec-domain-suspicious-p):
Consider domain names that are whole-script confusables with ASCII
to be suspicious. (I think this is what the Unicode standard is
recommending, but I'm not 100% sure.)
(throw 'found (format "Disallowed character: `%s' (#x%x)"
(string char) char))))
domain)
+ ;; Does IDNA allow it?
(unless (puny-highly-restrictive-domain-p domain)
- (throw 'found (format "%s is not highly-restrictive" domain)))
+ (throw 'found (format "`%s' is not highly-restrictive" domain)))
+ ;; Check whether any segment of the domain name is confusable with
+ ;; an ASCII-only segment.
+ (dolist (elem (split-string domain "\\."))
+ (when (textsec-ascii-confusable-p elem)
+ (throw 'found (format "`%s' is confusable with ASCII" elem))))
nil))
(defun textsec-local-address-suspicious-p (local)
(ert-deftest test-suspiction-domain ()
(should (textsec-domain-suspicious-p "foo/bar.org"))
(should-not (textsec-domain-suspicious-p "foo.org"))
- (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org")))
+ (should (textsec-domain-suspicious-p "f\N{LEFT-TO-RIGHT ISOLATE}oo.org"))
+
+ (should (textsec-domain-suspicious-p "Сгсе.ru"))
+ (should-not (textsec-domain-suspicious-p "фСгсе.ru")))
(ert-deftest test-suspicious-local ()
(should-not (textsec-local-address-suspicious-p "larsi"))
projects / emacs.git / commitdiff