Fixed
Status Update
No update yet.
Comments
js...@chromium.org
[Empty comment from Monorail migration]
js...@chromium.org
I know when I looked into this four years ago the TLDs were extremely permissive, and whitelisting didn't seem viable. However, if Mozilla has seen a marked improvement then we should certainly consider using their whitelist approach.
I do think there's still value in falling back to a decent anti-spoofing heuristic for non-whitelisted TLDs. Ideally that would improve IDN coverage without adding any risk, since we've been comfortable with the security of the current heuristic for the last several years.
I do think there's still value in falling back to a decent anti-spoofing heuristic for non-whitelisted TLDs. Ideally that would improve IDN coverage without adding any risk, since we've been comfortable with the security of the current heuristic for the last several years.
js...@chromium.org
[Comment Deleted]
pk...@chromium.org
What do you think of the heuristic they describe on that wiki page, which is based on character sets rather than UI languages?
js...@chromium.org
Ah, I stopped reading too soon. So, they still enforce a character blacklist, then they use the TLD whitelist, then they fall back to TR-39. It seems reasonable, but I haven't actually read through TR-39.
ge...@gmail.com
Do let us know if we can help with understanding the algorithm.
We are fans of this approach because it has the significant advantage that IDNs that work, work everywhere - no matter which version or locale of Firefox (or, soon, Chrome :-) you are using. Without this property, IDNs will always remain a niche sideshow, because no site owner is going to risk some unknown percentage of his customers getting gibberish in the URL bar.
Gerv
We are fans of this approach because it has the significant advantage that IDNs that work, work everywhere - no matter which version or locale of Firefox (or, soon, Chrome :-) you are using. Without this property, IDNs will always remain a niche sideshow, because no site owner is going to risk some unknown percentage of his customers getting gibberish in the URL bar.
Gerv
mp...@chromium.org
[Empty comment from Monorail migration]
pk...@chromium.org
[Empty comment from Monorail migration]
pk...@chromium.org
[Empty comment from Monorail migration]
pk...@chromium.org
Unassigning. I still think this is important and should happen, but I'm not personally going to get to it in the foreseeable future.
js...@chromium.org
I'm going to look into this soonish because we definitely need to improve our IDN display policy (I thought I had filed a bug along the line of this bug, too, but couldn't find it ).
pa...@chromium.org
jshin: Any update?
Adding talo for internationalization interest.
Adding talo for internationalization interest.
js...@chromium.org
I'm planning to start working on this late next week. Assigning to myself.
mg...@chromium.org
[Empty comment from Monorail migration]
js...@chromium.org
Finally got here (much later than expected). ICU's uspoof API does most of the heavy lifting for us so that I can get rid of most of our codes.
I'll use 'highly restricitve' rather than 'moderately restrictive' (see
I'll use 'highly restricitve' rather than 'moderately restrictive' (see
js...@chromium.org
The CL is almost ready except for one unresolved issue, namely, what to do about the whole-script confusable. I don't feel very comfortable doing what Mozilla does (that is, allowing them uncondtionally).
Currently, we do allow them if they're in a script (more exactly, they're covered by the exemplar character set of one of user's languages) as mentioned in
-------
For example, the first component of
----------
One possibility is to allow them only for white-listed TLDs. Either we can skip any spoof check at all for TLDs in the whitelist or we can allow whole-script confusable for TLDs in the whitelist after doing other checks. The former is simpler than the latter implementation-wise, but the latter is a bit more conservative ( The policies of some registrars linked at
Another possibility is allowing a whole-script confusable label in non-Latin only if the exemplar set of one of 'Accept-Languages' covers all the letters in that label. This would make our IDN display policy still depend on A-L and still has the same issue as mentioned above about
Currently, we do allow them if they're in a script (more exactly, they're covered by the exemplar character set of one of user's languages) as mentioned in
-------
For example, the first component of
----------
One possibility is to allow them only for white-listed TLDs. Either we can skip any spoof check at all for TLDs in the whitelist or we can allow whole-script confusable for TLDs in the whitelist after doing other checks. The former is simpler than the latter implementation-wise, but the latter is a bit more conservative ( The policies of some registrars linked at
Another possibility is allowing a whole-script confusable label in non-Latin only if the exemplar set of one of 'Accept-Languages' covers all the letters in that label. This would make our IDN display policy still depend on A-L and still has the same issue as mentioned above about
pk...@chromium.org
I would do the simplest and least conservative thing of the choices you mention, but whatever is done, we should coordinate this discussion with Mozilla so we can mutually agree on the route forward, as they wanted our feedback and both of us want to be in sync going forward.
rs...@chromium.org
Yeah, with Peter on that. Especially not keen on whitelisting TLDs - there's enough hassle going on with the PSL and ICANN that makes me think that with the new gTLD landrush, there's going to be greater and greater churn on IDN policies, which makes a whitelist either frustrating or unmanagable long-term (especially considering other applications' at Google desire to align on IDN policies).
I'm curious if you could explain more the disagreement on whole-script confusables, as Mozilla's position on the matter seems to make ample sense, and reflects the thoughts I had.
I'm curious if you could explain more the disagreement on whole-script confusables, as Mozilla's position on the matter seems to make ample sense, and reflects the thoughts I had.
js...@chromium.org
Mozilla currently does use whitelist TLDs, for which they skill all the checks they'd do otherwise.
They said that they'd deprecate it, but has been keeping the list (even though they also said that the list wouldn't be updated further).
The patchset #6 at
1. Use Highly restrictive rules for script mixing [1] with an added
restriction on Latin.
- Script mixing is only allowed with ASCII-Latin (instead
of any Latin) + Han + {Hangul, Bofomopo, Hiragana+Katagana}.
2. Allow the recommended and inclusion sets from UAX 39 [2]
3. Allow 5 aspirational scripts from UAX 31 [3]
4. Do not allow labels with two or more numbering systems mixed.
5. Do not allow invisible characters or a sequence of the same
combining mark.
6. Turn off whole script confusable check. It'd block 'pax' because
p,a, or x has a Cyrillic look-alike. The same is true of
'bücher' (German) or 'färgbolaget' (Swedish).
7. Block 4 Katakanas surrounded by other scripts because they could be
mistaken as a slash.
8. Block repeating Japanese combining marks (U+3099 - U+309C) even
when different ones come in sequence. If the same one comes in
a row, they'll be blocked by rule #5 above.
9. Allow two additional characters (U+2665 - Black Heart Suit and U+272A - Circled white star). Yeah, this is rather arbitrary (copied from Google's internal spoofing/email address filtering routine).
[1]
[2]
[3]
-----------------------
Comparison with Mozilla's :
a. Does not use whitelist TLDs (we may end up using : see
b. Rules #2 ~ #6 are identical
c. Rule #1 (script mixing)
- Mozilla has not yet utilized new Unicode script extension properties to count
# of scripts or detect script mixing (apparently). We get this free from
ICU's uspoof API.
- We use 'highly restrictive' as opposed to 'moderately restrictive'. The difference is that we allows only the following script sets to be mixed with Latin: {Han, Bopomofo}, {Han,Hiragana, Katakana}, {Han, Hangul}. With moderately restrictive, all other scripts (single script) other than Greek, Cyrillic and Cherokee are allowed to mix with Latin.
- Latin allowed for script mixing above is limited to ASCII-Latin in my CL as opposed to any Latin.
- Mozilla has a user preference to select between highly restrictive and moderately restrictive. The default is moderately.
d. Rules #7 and #8 are only in my CL. They're kept from our current implementation. Those rules were added in response to security reports (of sort). I'm planning to propose them to the UTC (Unicode Technical Committee) for consideration.
e. Rule #9 (two additional characters) is only in my CL (copied from Google's internal code).
PS#6 does not do anything about the wholescript confusion (it's disabled). If you look at the Cyrillic code chart (a subset of Cyrillic in the Unicode) at
They said that they'd deprecate it, but has been keeping the list (even though they also said that the list wouldn't be updated further).
The patchset #6 at
1. Use Highly restrictive rules for script mixing [1] with an added
restriction on Latin.
- Script mixing is only allowed with ASCII-Latin (instead
of any Latin) + Han + {Hangul, Bofomopo, Hiragana+Katagana}.
2. Allow the recommended and inclusion sets from UAX 39 [2]
3. Allow 5 aspirational scripts from UAX 31 [3]
4. Do not allow labels with two or more numbering systems mixed.
5. Do not allow invisible characters or a sequence of the same
combining mark.
6. Turn off whole script confusable check. It'd block 'pax' because
p,a, or x has a Cyrillic look-alike. The same is true of
'bücher' (German) or 'färgbolaget' (Swedish).
7. Block 4 Katakanas surrounded by other scripts because they could be
mistaken as a slash.
8. Block repeating Japanese combining marks (U+3099 - U+309C) even
when different ones come in sequence. If the same one comes in
a row, they'll be blocked by rule #5 above.
9. Allow two additional characters (U+2665 - Black Heart Suit and U+272A - Circled white star). Yeah, this is rather arbitrary (copied from Google's internal spoofing/email address filtering routine).
[1]
[2]
[3]
-----------------------
Comparison with Mozilla's :
a. Does not use whitelist TLDs (we may end up using : see
b. Rules #2 ~ #6 are identical
c. Rule #1 (script mixing)
- Mozilla has not yet utilized new Unicode script extension properties to count
# of scripts or detect script mixing (apparently). We get this free from
ICU's uspoof API.
- We use 'highly restrictive' as opposed to 'moderately restrictive'. The difference is that we allows only the following script sets to be mixed with Latin: {Han, Bopomofo}, {Han,Hiragana, Katakana}, {Han, Hangul}. With moderately restrictive, all other scripts (single script) other than Greek, Cyrillic and Cherokee are allowed to mix with Latin.
- Latin allowed for script mixing above is limited to ASCII-Latin in my CL as opposed to any Latin.
- Mozilla has a user preference to select between highly restrictive and moderately restrictive. The default is moderately.
d. Rules #7 and #8 are only in my CL. They're kept from our current implementation. Those rules were added in response to security reports (of sort). I'm planning to propose them to the UTC (Unicode Technical Committee) for consideration.
e. Rule #9 (two additional characters) is only in my CL (copied from Google's internal code).
PS#6 does not do anything about the wholescript confusion (it's disabled). If you look at the Cyrillic code chart (a subset of Cyrillic in the Unicode) at
js...@chromium.org
> I'm curious if you could explain more the disagreement on whole-script
> confusables, as Mozilla's position on the matter seems to make ample sense,
> and reflects the thoughts I had.
Perhaps, the difference is how much we can trust the registrars for doing the due diligence and how 'scared' I am about some of examples I created off-line :-).
I read the IDN policy of a few registrars and '.museum' policy deals with whole-script confusability, but '.com' policy (Verisign) does not mention it.
If everybody implements what '.museum' specified in its policy, it'd be great.
Anyway, a couple of alternatives (other than what I wrote in
1) Safe-browsing : Add spoofing check to our safe-browsing feature (server-side). Safe-browsing team can maintain a (huge) list of good domains and alert users when a user tries to navigate to look-alike (confusable) domains.
2) Spoof-checking against good domains (a smaller list than the server-side safe-browsing implementation) can be done as a part of our display policy implementation.
I think 1) is much better than 2) and my two other ideas in
While 1) is worked on, we may as well take a more conservative approach (like the first in
> confusables, as Mozilla's position on the matter seems to make ample sense,
> and reflects the thoughts I had.
Perhaps, the difference is how much we can trust the registrars for doing the due diligence and how 'scared' I am about some of examples I created off-line :-).
I read the IDN policy of a few registrars and '.museum' policy deals with whole-script confusability, but '.com' policy (Verisign) does not mention it.
If everybody implements what '.museum' specified in its policy, it'd be great.
Anyway, a couple of alternatives (other than what I wrote in
1) Safe-browsing : Add spoofing check to our safe-browsing feature (server-side). Safe-browsing team can maintain a (huge) list of good domains and alert users when a user tries to navigate to look-alike (confusable) domains.
2) Spoof-checking against good domains (a smaller list than the server-side safe-browsing implementation) can be done as a part of our display policy implementation.
I think 1) is much better than 2) and my two other ideas in
While 1) is worked on, we may as well take a more conservative approach (like the first in
js...@chromium.org
Well, I might be a paranoid given that Mozilla has implemented their policy without whole-script confusability check since 2013 and there's no (major) spoofing attempt.
I'll talk to Mozilla folks (Gerv and Simon). I've already sent an email to the safe-browsing team.
I'll talk to Mozilla folks (Gerv and Simon). I've already sent an email to the safe-browsing team.
js...@chromium.org
oh, Gerv was here :-). Any input on my comments #16, 19, 20.
@jschuh : do you have any take ?
@jschuh : do you have any take ?
ma...@google.com
(copied from Google's internal spoofing/email address filtering routine).
I'd suggest just allowing the emoji characters: I can point you to the data
file.
Mark Davis | Int’l Arch | markdavis@google.com | +1 650-450-9291 / +41
44-668-1282
I'd suggest just allowing the emoji characters: I can point you to the data
file.
Mark Davis | Int’l Arch | markdavis@google.com | +1 650-450-9291 / +41
44-668-1282
js...@chromium.org
Mark, I like to get the data. Can you upload it here (or give me a pointer if it's at
In the meantime, do you have any take on whole-script confusability handling?
In the meantime, do you have any take on whole-script confusability handling?
ma...@google.com
The data is at
the DRAFT, that's a typo that will be corrected soon).
The information is not in ICU; I filed a ticket for that:
About the whole-script confusable: I think we need to support a more
refined API, because whether it has a whole-script confusable or not
depends on any character restrictions in play.
For example, the sequence "ցօօց1℮" is confusable with google, if displayed
in Noto Sans Armenian. Here's a screen shot showing that:
[image: Inline image 1]
That's because of the ℮, which is a symbol that may not be within the set
of allowed
identifier
characters.
Mark
Mark Davis | Int’l Arch | markdavis@google.com | +1 650-450-9291 / +41
44-668-1282
the DRAFT, that's a typo that will be corrected soon).
The information is not in ICU; I filed a ticket for that:
About the whole-script confusable: I think we need to support a more
refined API, because whether it has a whole-script confusable or not
depends on any character restrictions in play.
For example, the sequence "ցօօց1℮" is confusable with google, if displayed
in Noto Sans Armenian. Here's a screen shot showing that:
[image: Inline image 1]
That's because of the ℮, which is a symbol that may not be within the set
of allowed
identifier
characters.
Mark
Mark Davis | Int’l Arch | markdavis@google.com | +1 650-450-9291 / +41
44-668-1282
ma...@google.com
Missing screen shot that was in email:
js...@chromium.org
"ցօօց1℮" with Armenian ℮ would be blocked because I'm planning to use 'highly restrictive' instead of 'moderately restrictive'. One reason for going with 'highly rest.' is that 'moderately restrictive' allows 'Latin + Armenian' mixing.
As for allowing all or a significant subset of Emoji, I'd rather not deal with that in this bug but deal with in in a follow-up bug.
As for allowing all or a significant subset of Emoji, I'd rather not deal with that in this bug but deal with in in a follow-up bug.
js...@chromium.org
oops. Sorry about the off-the-mark
I should have printed out the code points of ցօօց1℮.
They're U+0581, U+0585, U+0585, U+0581, U+0031, U+212e.
This particular example (fortunately?) would be flagged even without whole_script check because U+212E is not in the set ( recommended set + alowance set) I'm allowing.
Nonetheless, this just shows how tricky it can be.
I should have printed out the code points of ցօօց1℮.
They're U+0581, U+0585, U+0585, U+0581, U+0031, U+212e.
This particular example (fortunately?) would be flagged even without whole_script check because U+212E is not in the set ( recommended set + alowance set) I'm allowing.
Nonetheless, this just shows how tricky it can be.
js...@chromium.org
[Empty comment from Monorail migration]
js...@chromium.org
[Empty comment from Monorail migration]
mp...@chromium.org
[Empty comment from Monorail migration]
js...@chromium.org
[Empty comment from Monorail migration]
pk...@chromium.org
Jungshik, is
bu...@chromium.org
The following revision refers to this bug:
commit 62a928390ba06db29576bbb32606696b3e16a66c
Author: jshin <jshin@chromium.org>
Date: Fri Mar 18 18:42:39 2016
Implement a new IDN display policy
The new policy is language-indepedent, implemented with
ICU's uspoof API and is as following:
1. Use moderately restrictive rules for script mixing [1] with additional
restrictions on mixing with Latin.
- Script mixing is only allowed with ASCII-Latin (instead
of any Latin) + another script allowed at the moderatate
restriction level
2. Only allow the recommended sets from UTS 39 [2] and inclusion sets from
UAX 31 [3]. This is equivalent to [:IdentifierStatus=Allowed:] [4].
3. Allow 5 aspirational scripts from UAX 31 [5]
4. Do not allow labels with two or more numbering systems mixed.
5. Do not allow invisible characters or a sequence of the same
combining mark.
6. Turn off whole script confusable check. It'd block some common
domain labels like рф (IDN ccTLD for '.ru'),
'bücher' (German) and 'färgbolaget' (Swedish).
7. Keep ON 'mixed script confusable' check. This is different/separate
from 'script mixing restriction' and will catch cases like 'gօօgle'
with 'օ' (U+0585; Armenian Small Letter OH) [6] that would be otherwise
allowed by rules #1 ~ #5.
8. Block 4 Katakanas surrounded by non-Japanese scripts because they could be
mistaken as a slash. (this has been in place for a few years and is kept.)
9. Labels with any of four deviation characters (IDNA 2003 vs IDNA 2008)
encoded in punycode/ACE are always shown in Punycode. This is to make
the display policy consistent with our prior decision to use UTS 46
'transitional' processing (map or drop the 4 deviation characters.). [9]
10. Character black list (Mozilla's : [8]) is trimmed down to two characters.
Note that this is almost identical to Mozilla's IDN display algorithm
[7] except for #7, #8, and an additional restrictions in #1. #9 is another difference
because of Mozilla's use of UTS 46 'non-transitional' processing and our use of UTS 46 'transitional' processing.
Most of domains filtered out in ".com" TLD is filtered due to the
character set restrictiction (#2 and #3) that accounts for 94% (2,050)
of IDNs filtered out (0.2% of ~ 1 million IDNs in com TLD).
All the IDN TLDs are shown in Unicode. So are all the IDNs in the
effective TLD list, ".рф" (~ 860k), and ".みんな" (~25k).
48 out of 200k in ".xyz" and 3 out of 25k in ".jp" are filtered and shown
in punycode.
P.S. This CL keeps 'languages' parameter for the public APIs. I'll follow up
this CL with another to get rid of that parameter and adjust callers.
P.S.2:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
are blocked or mapped any way by other restrictions/mechanism in place.
See
[9] This is to "fix"
BUG=336973,595263
TEST=components_unittests --gtest_filter=*IDN*, --gtest_filter=UrlForm*,
--gtest_filter=*Puny*
Review URL:
Cr-Commit-Position: refs/heads/master@{#382029}
[modify]
[modify]
[modify]
[modify]
[modify]
commit 62a928390ba06db29576bbb32606696b3e16a66c
Author: jshin <jshin@chromium.org>
Date: Fri Mar 18 18:42:39 2016
Implement a new IDN display policy
The new policy is language-indepedent, implemented with
ICU's uspoof API and is as following:
1. Use moderately restrictive rules for script mixing [1] with additional
restrictions on mixing with Latin.
- Script mixing is only allowed with ASCII-Latin (instead
of any Latin) + another script allowed at the moderatate
restriction level
2. Only allow the recommended sets from UTS 39 [2] and inclusion sets from
UAX 31 [3]. This is equivalent to [:IdentifierStatus=Allowed:] [4].
3. Allow 5 aspirational scripts from UAX 31 [5]
4. Do not allow labels with two or more numbering systems mixed.
5. Do not allow invisible characters or a sequence of the same
combining mark.
6. Turn off whole script confusable check. It'd block some common
domain labels like рф (IDN ccTLD for '.ru'),
'bücher' (German) and 'färgbolaget' (Swedish).
7. Keep ON 'mixed script confusable' check. This is different/separate
from 'script mixing restriction' and will catch cases like 'gօօgle'
with 'օ' (U+0585; Armenian Small Letter OH) [6] that would be otherwise
allowed by rules #1 ~ #5.
8. Block 4 Katakanas surrounded by non-Japanese scripts because they could be
mistaken as a slash. (this has been in place for a few years and is kept.)
9. Labels with any of four deviation characters (IDNA 2003 vs IDNA 2008)
encoded in punycode/ACE are always shown in Punycode. This is to make
the display policy consistent with our prior decision to use UTS 46
'transitional' processing (map or drop the 4 deviation characters.). [9]
10. Character black list (Mozilla's : [8]) is trimmed down to two characters.
Note that this is almost identical to Mozilla's IDN display algorithm
[7] except for #7, #8, and an additional restrictions in #1. #9 is another difference
because of Mozilla's use of UTS 46 'non-transitional' processing and our use of UTS 46 'transitional' processing.
Most of domains filtered out in ".com" TLD is filtered due to the
character set restrictiction (#2 and #3) that accounts for 94% (2,050)
of IDNs filtered out (0.2% of ~ 1 million IDNs in com TLD).
All the IDN TLDs are shown in Unicode. So are all the IDNs in the
effective TLD list, ".рф" (~ 860k), and ".みんな" (~25k).
48 out of 200k in ".xyz" and 3 out of 25k in ".jp" are filtered and shown
in punycode.
P.S. This CL keeps 'languages' parameter for the public APIs. I'll follow up
this CL with another to get rid of that parameter and adjust callers.
P.S.2:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
are blocked or mapped any way by other restrictions/mechanism in place.
See
[9] This is to "fix"
BUG=336973,595263
TEST=components_unittests --gtest_filter=*IDN*, --gtest_filter=UrlForm*,
--gtest_filter=*Puny*
Review URL:
Cr-Commit-Position: refs/heads/master@{#382029}
[modify]
[modify]
[modify]
[modify]
[modify]
js...@chromium.org
I'll update the document. Moreover, I'll get rid of an unused input argument (language) in the public API and fix callers.
bu...@chromium.org
The following revision refers to this bug:
commit 1fb76469391f6e7e2a846c27a095d57b54b50738
Author: jshin <jshin@chromium.org>
Date: Tue Apr 05 22:13:03 2016
Drop |languages| from FormatUrl*() and ElideUrl()
In
independent of Accept-Languages (A-L). Therefore, IDNToUnicode(), FormatUrl*()
and ElideUrl() do not need |languages| argument any more.
( ElideUrl() can pass A-L down to gfx string drawing/measuring API help
their font selection, but there's no gfx string drawing/measuring API taking
into account A-L values in the font selection atm.)
Drop it in the API and fix all the call sites. There is a huge ripple effect
and a lot of files have to be fixed up.
BUG=336973
TEST=Builds on all platforms and pass all the tests pass
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel,mac_blink_rel,win_blink_rel
Review URL:
Cr-Commit-Position: refs/heads/master@{#385299}
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
commit 1fb76469391f6e7e2a846c27a095d57b54b50738
Author: jshin <jshin@chromium.org>
Date: Tue Apr 05 22:13:03 2016
Drop |languages| from FormatUrl*() and ElideUrl()
In
independent of Accept-Languages (A-L). Therefore, IDNToUnicode(), FormatUrl*()
and ElideUrl() do not need |languages| argument any more.
( ElideUrl() can pass A-L down to gfx string drawing/measuring API help
their font selection, but there's no gfx string drawing/measuring API taking
into account A-L values in the font selection atm.)
Drop it in the API and fix all the call sites. There is a huge ripple effect
and a lot of files have to be fixed up.
BUG=336973
TEST=Builds on all platforms and pass all the tests pass
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel,mac_blink_rel,win_blink_rel
Review URL:
Cr-Commit-Position: refs/heads/master@{#385299}
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
la...@chromium.org
Security>UX component is deprecated in favor of the Team-Security-UX label
[Monorail components: -Security>UX]
[Monorail components: -Security>UX]
is...@google.com
This issue was migrated from
[Multiple monorail components: UI>Browser>Omnibox, UI>Internationalization]
[Monorail blocking:
[Monorail mergedwith:
[Monorail components added to Component Tags custom field.]
[Multiple monorail components: UI>Browser>Omnibox, UI>Internationalization]
[Monorail blocking:
[Monorail mergedwith:
[Monorail components added to Component Tags custom field.]
Description
Mozilla spent a while defining and then implementing what they hope is a better algorithm. This is covered by
In the interests of browser consistency, and because I think Mozilla's algorithm is better for users due to relying less on user-configured, and often erroneous, language settings, we should implement this algorithm.
If we find tweaks or problems, we can dialog with Mozilla about them, but I'd like to get to an end state where we can agree on a common algorithm and then see that implemented across other browsers as well.
Interested parties should feel free to take this bug. I've assigned to myself so as not to lose it, but I may not get to this any time soon, and I think with the rapid upcoming growth in IDNs, this is going to become more important.