-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
x/net/idna: Registration.ToASCII() accepts empty TLD label #47182
Comments
…rifyDNSLength is false. The existing implementation always skips the empty last label regardless of what verifyDNSLength is set to, which causes pure-ASCII domains ending with a single empty root label to be wrongly accepted when verifyDNSLength is true. This behavior is described in the Unicode Technical Standard 46 at https://unicode.org/reports/tr46/\#ToASCII Fixes golang/go#47182
From this section in the Unicode Technical Standard 46, both Currently I have drafted a possible fix here. |
…and s ends with trailing dot. From UTS46, no trailing dots are allowed when ToASCII is called with verifyDNSLength = true. This negates the need for an additional l.verifyDNSLength flag in the previous commit. See https://www.unicode.org/L2/L2021/21170-utc169-properties-recs.pdf under section F2 Fixes golang/go#47182
Can you verify if this interim fix works?
|
What did you do?
https://go.dev/play/p/oGhflDafvrL
What did you expect to see?
What did you see instead?
It appears if the domain contains an empty TLD label but contains only ASCII characters, then no error is returned. And only for the TLD (empty labels elsewhere return an error as expected).
The text was updated successfully, but these errors were encountered: