It doesn't seem to work on Firefox Mobile for Android.
When visiting sites from Mozilla's IDN list, it doesn't block any of them.

Domains get blocked when they contain punycode in the URL itself http://example.org/xn--.....

Thank you for the excellent extension!

Overall, the extension works well, but in Firefox 59.0, I'm not seeing the blocked page replaced with a warning. Instead, it shows only a blank page.

The toolbar indicator is working fine, but I prefer to keep that hidden in the overflow menu.

It would be useful and interesting for the extension to indicate to the user (possibly simply by highlighting in red for example) which character in the domain name is the 'fake' character that doesn't fit within the punycode parameters.

When a blocked domain is temporarily allowed and forwards to another blocked domain the icon appears green. It should be red and has a counter.
Blocking is still working.

When we try to access to a punycode domain adress directly from a page by a selection on it, right click and "Access at {punycode domain}, the website is well blocked, but we can see the full name, and not simply "xn--blablabla".

More information on my screenshot :

IDs should follow the same syntax.

Hello,

I've just quickly reviewed this extension and identified an unsafe pattern in the popup construction. The names of blocked domains are injected in to the popup HTML without HTML-encoding them to prevent injection of Javascript or other HTML content.

I have not identified a working way to exploit this, however any of the following would have resulted in injection of arbitrary HTML in to the popup:

• Any URL scheme which does not use the :// notation being passed to the onBeforeRequest handler, based on the custom URL decoding routine ignoring this possibility.
• If punycode allowed ASCII characters to be redundantly encoded (I checked, it doesn't seem to).
• If Chrome passed protocol-relative or other incomplete URLs to the extension (it doesn't)

HTML-encoding content before injecting it in to the popup would remove the hazard that such a condition is introduced in future.

Thank you for the useful extension.

I tested it in a working Firefox installation, and I noticed some slowdown when clicking on links, especially when loading them in the background.

Can you make it compatible with Vivaldi browser?

Hi, i tested your IDN-Safe in Chrome, but mostly i use Firefox. I signed your extension for my private and installed it in firefox. Generally it works and shows a red icon during punycode adress.
But, it shows not this blue "1" in the icon, and not the real adress in adressbar and browsertab and so i can not reload the page. In chrome all works perfect.

Please please, would you make a full compatible firefox webextension? it would be really great! It exist no such extension on https://addons.mozilla.org/ as a webextension and i think such a extension would be very necessary and needed and IDN-Safe is the best i found in the web ;)


Greetings (and sorry for my bad english)