[Bug 15489] IDN email addresses should be converted to Punycode before validating them from bugzilla@jessica.w3.org on 2012-02-08 (public-html-bugzilla@w3.org from February 2012)

From: <bugzilla@jessica.w3.org>
Date: Wed, 08 Feb 2012 23:08:31 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RvGcp-0007AZ-60@jessica.w3.org>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=15489

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEW

--- Comment #12 from Ian 'Hixie' Hickson <ian@hixie.ch> 2012-02-08 23:08:27 UTC ---
(In reply to comment #11)
> So what should happen when markup like this is used:
> 
>     <input type=email value=foo@mañana.com>
> 
> Should this value be considered invalid until the user focuses the control
> (i.e., until it becomes “user input”)?

The markup is invalid, regardless of what the user does.

The form control itself initially has an invalid state. What happens after that
is up to the user agent. A user agent could pretend that the user had changed
the value, setting the internal value to "foo@ xn--maana-pta.com". Or it could
wait for the user to actually make a change to the value. Or it could never
support IDN.


> That seems weird.
> 
> > [08:08] <Hixie> what's the use case? the value in the database would be punycoded
> > [08:09] <Hixie> since that's all the client will ever send to the server
> 
> Let’s say Page A has the following markup. After submission the input is
> inserted into a database.
> 
>     <input type=text name=email>
>     <!-- or even a typo, which makes it fall back to type=text… -->
>     <input type=e-mail name=email>

Then, if the user enters an IDN address, and the server doesn't validate its
input (!), the server will be in a state where if it tries to send mail, it
will fail.


> Page B uses type=email, and reads the value from the database:
> 
>     <input type=email value=foo@mañana.com>

This means the server is non-conforming, as it outputs invalid HTML.


> Alternatively, the un-Punycoded email address may already be stored in the
> database for a variety of reasons.

Like what?

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 8 February 2012 23:08:36 UTC