Version: (using KDE KDE 3.5.6) Installed from: Unlisted Binary Package Compiler: 4.2.0 OS: Linux libidn-0.6.8-2.i686 trying to open http://www.żółw.pl/ makes konqueror fail and url in address bar changes to: http://www.zó?w.pl + message: ,,Wystąpił błąd podczas wczytywania http://www.zó?w.pl: Nieznany serwer www.zó''
clicking on that URL, konqueror try to load: http://www.?%C3%B3?w.pl which throws an error. The same happens with firefox. Need I some special char encoding for reproduce this bug?
$ host www.żółw.pl www.żółw.pl has address 213.180.128.160 works with firefox for me and still doesn't work with konqueror (3.5.9) Try iso8859-2 maybe.
Thanks Arkadiusz! konqueror 3.5.9 cannot load the page. Konqueror 4 (from trunk) is able to load it, but it change the address to: http://www.xn--w-uga1v8h.pl/
Why confirm it if it's fixed?
So bugs about 3.5 series are ignored by KDE team now - correct?
@Marksim: because using konqueror 4 the page is loaded but the URL in the address bar is changed, is it right?
Arkadiusz: Not ignored, we want to make sure the same bugs don't exist in 4. But in some cases entire frameworks have been rewritten. Trying to have developers bugfix three branches (3.5.x, stable branch, trunk) while still adding features is unlikely to happen...
URL changing is deliberate, and prevents a security attack. W/o the changing, you may not be able to tell apart these two different URLs: bank.pl bаnk.pl (aka http://xn--bnk-6cd.pl) The .pl domain administrator isn't in Qt's list of registrars that have policies in place to prevent this attack, so the raw name of the domain is displaye.d
Ok, thanks Maksim! :-)
> The .pl domain administrator isn't in Qt's list of registrars that have policies > in place to prevent this attack Were can we find this list? How is it managed? (NASK, the ".pl" domain registry is not a registrar) (It is very questionable that browsers decide what registry policy is or is not acceptable.)
In the case of KDE4, it's managed by TrollTech, as it's part of Qt (src/corelib/io/qurl.cpp) The current whitelist is: ac at br cat ch cl cn de dk fi gr hu info io is jp kr li lt museum no org se sh th tm tw vn And questionable or not, would you rather we left known security holes in there?