From MozillaZine Knowledge Base

Background

IDN addresses have recently come under close scrutiny, mostly due to domain registrars failing to follow certain guidelines that help prevent a type of website spoofing attack.

Mozilla’s first response to the threat of this type of spoofing was to disable IDN support and instead display the more verbose form of IDN URLs—punycode. (Punycode bears little resemblance to the intended appearance of an IDN, removing the risk of spoofing.)

Later, it was decided that some IDN addresses would be shown as intended—but only if the domain’s registrar had a public anti-spoofing policy. These preferences keeps track of which top-level domains are displayed as intended.

This is a set of enumerated preferences. This means that Mozilla will look for all preference names beginning with “network.IDN.whitelist.” and examine each one. The name of the preference—specifically, the portion at the end, after the full stop—is as important as the preference’s value. By default, the following preferences are set:

• network.IDN.whitelist.ac
• network.IDN.whitelist.ar
• network.IDN.whitelist.at
• network.IDN.whitelist.biz
• network.IDN.whitelist.br
• network.IDN.whitelist.cat
• network.IDN.whitelist.ch
• network.IDN.whitelist.cl
• network.IDN.whitelist.cn
• network.IDN.whitelist.de
• network.IDN.whitelist.dk
• network.IDN.whitelist.es
• network.IDN.whitelist.fi
• network.IDN.whitelist.gr
• network.IDN.whitelist.hu
• network.IDN.whitelist.info
• network.IDN.whitelist.io
• network.IDN.whitelist.ir
• network.IDN.whitelist.is
• network.IDN.whitelist.jp
• network.IDN.whitelist.kr
• network.IDN.whitelist.li
• network.IDN.whitelist.lt
• network.IDN.whitelist.museum
• network.IDN.whitelist.no
• network.IDN.whitelist.org
• network.IDN.whitelist.pl
• network.IDN.whitelist.pr
• network.IDN.whitelist.se
• network.IDN.whitelist.sh
• network.IDN.whitelist.th
• network.IDN.whitelist.tm
• network.IDN.whitelist.tw
• network.IDN.whitelist.vn

Possible values and their effects

True

If an IDN has the top-level domain specified in this preference name, it will be shown as intended.

False

If an IDN has the top-level domain specified in this preference name, it will be displayed in punycode.

Caveats

• As this is a whitelist and not a blacklist, setting any of these preferences to false is the same as not setting the preference at all.
• IDN must be enabled for these preferences to have an effect.
• network.IDN_show_punycode must be false for these preferenes to have an effect.

First checked in

2005-06-19 by Jungshik Shin

Has an effect in

• Deer Park (Alpha 2)
• Mozilla Firefox (all versions since 1.5 RC1)
• SeaMonkey (all versions)

Related bugs

• Bug 279099 - Protect against homograph attacks (spoofing using punycode IDNs)
• Bug 286534 - Implement IDN punycode display by .tld
• Bug 299927 - Add .museum and .hu to list of TLDs for which IDN is permitted
• Bug 300132 - Add .lt, .info, .th, .ac, .io, .sh, .tm, .gr, .br to IDN whitelist
• Bug 304277 - Add further TLDs to IDN whitelist
• Bug 308334 - Enable IDN for more TLDs
• Bug 313490 - Enable IDN for .org
• Bug 322996 - Enable IDN for .is domain
• Bug 331099 - Add .cat to IDN TLD whitelist
• Bug 347321 - Add .biz to IDN TLD whitelist
• Bug 389600 - Add .pl to IDN whitelist
• Bug 404051 - Add .es to IDN TLD whitelist
• Bug 406314 - Add .ir to the IDN whitelist
• Bug 423974 - Add .pr (Puerto Rico) to IDN whitelist
• Bug 460517 - Add .ar to IDN TLD whitelist

Related preferences

• network.enableIDN
• network.IDN.blacklist_chars
• network.IDN_show_punycode

External links

• Gervase Markham’s Blog: IDN Update (2)
• IDN-enabled TLDs