fixes bug 315411 "fail to check the IDN is in whitelist if user inputs un-normalized URL in URL bar" patch by Masayuki Nakano <masayuki@d-toybox.com>, r=jshin, sr=darin

netwerk/base/src/nsStandardURL.cpp

@@ -864,10 +864,24 @@ nsStandardURL::ACEtoDisplayIDN(const nsCSubstring &host, nsCString &result)
 /* static */ nsresult
 nsStandardURL::UTF8toDisplayIDN(const nsCSubstring &host, nsCString &result)
 {
-    if (gShowPunycode || !IsInWhitelist(host))
+    // We have to normalize the hostname before testing against the domain
+    // whitelist.  See bug 315411.
+
+    nsCAutoString temp;
+    if (gShowPunycode || NS_FAILED(gIDN->Normalize(host, temp)))
         return gIDN->ConvertUTF8toACE(host, result);
 
-    return gIDN->Normalize(host, result);
+    PRBool isACE = PR_FALSE;
+    gIDN->IsACE(temp, &isACE);
+
+    // If host is converted to ACE by the normalizer, then the host may contain
+    // unsafe characters.  See bug 283016, bug 301694, and bug 309311.
+ 
+    if (!isACE && !IsInWhitelist(temp))
+        return gIDN->ConvertUTF8toACE(temp, result);
+
+    result = temp;
+    return NS_OK;
 }
 
 /* static */ PRBool
@@ -876,6 +890,8 @@ nsStandardURL::IsInWhitelist(const nsCSubstring &host)
     PRInt32 pos; 
     PRBool safe;
 
+    // XXX This code uses strings inefficiently.
+
     if (gIDNWhitelistPrefBranch && 
         (pos = nsCAutoString(host).RFind(".")) != kNotFound &&
         NS_SUCCEEDED(gIDNWhitelistPrefBranch->
@@ -2423,7 +2439,6 @@ nsStandardURL::GetFile(nsIFile **result)
     if (NS_FAILED(rv))
         return rv;
 
-
 #if defined(PR_LOGGING)
     if (LOG_ENABLED()) {
         nsCAutoString path;