InputWidget: Optional domain punycoding for UI

2 files changed, 10 insertions, 5 deletions

diff --git a/src/app.c b/src/app.c
index ec2f4b5b..5d27618b 100644
--- a/src/app.c
+++ b/src/app.c
@@ -1207,11 +1207,6 @@ iBool handleCommand_App(const char *cmd) {
         else {
             urlEncodePath_String(url);
         }
-       
-        /* Prevent address bar spoofing (mentioned as IDN homograph attack
-        in issue 73) */
-        punyEncodeUrlHost_String(url);
-       
         setUrlFromCache_DocumentWidget(doc, url, isHistory);
         /* Optionally, jump to a text in the document. This will only work if the document
            is already available, e.g., it's from "about:" or restored from cache. */
diff --git a/src/ui/inputwidget.c b/src/ui/inputwidget.c
index 6992bbec..62f0341e 100644
--- a/src/ui/inputwidget.c
+++ b/src/ui/inputwidget.c
@@ -224,6 +224,16 @@ static void updateBuffered_InputWidget_(iInputWidget *d) {
 }
 
 void setText_InputWidget(iInputWidget *d, const iString *text) {
+    if (d->inFlags & isUrl_InputWidgetFlag) {
+        /* If user wants URLs encoded, also Punycode the domain. */
+        if (!prefs_App()->decodeUserVisibleURLs) {
+            iString *enc = collect_String(copy_String(text));
+            /* Prevent address bar spoofing (mentioned as IDN homograph attack in
+               https://github.com/skyjake/lagrange/issues/73) */
+            punyEncodeUrlHost_String(enc);
+            text = enc;
+        }
+    }
     clearUndo_InputWidget_(d);
     clear_Array(&d->text);
     iConstForEach(String, i, text) {