Mitigate spoofing attempt using Latin letters.

components/url_formatter/url_formatter_unittest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/url_formatter/url_formatter.h"
 
 #include <stddef.h>
 #include <string.h>
 
 #include <vector>
@@ skipping 257 matching lines @@
       L"\x0455\x0441\x043e\x0440\x0435\u00b7\x0440\x0430\x0443.\x0440\x0444",
       true},
 
   // ѕсоре-рау.한국 with ѕсоре and рау in Cyrillic.
   {"xn----8sbn9akccw8m.xn--3e0b707e",
       L"\x0455\x0441\x043e\x0440\x0435-\x0440\x0430\x0443.\xd55c\xad6d", true},
 
   // музей (museum in Russian) has characters without a Latin-look-alike.
   {"xn--e1adhj9a.com", L"\x043c\x0443\x0437\x0435\x0439.com", true},
 
+  // Combining Diacritic marks after a script other than Latin-Greek-Cyrillic
+  {"xn--rsa2568fvxya.com", L"\xd55c\x0301\xae00.com", false}, // 한́글.com
+  {"xn--rsa0336bjom.com", L"\x6f22\x0307\x5b57.com", false},  // 漢̇字.com
+  // नागरी́.com
+  {"xn--lsa922apb7a6do.com", L"\x0928\x093e\x0917\x0930\x0940\x0301.com",
+    false},
+
+  // Similarity checks against the list of top domains. "digklmo68.com" and
+  // 'digklmo68.co.uk" are listed for unittest in the top domain list.

[Peter Kasting, 2017/05/09 01:37:04]

Can we avoid including these test domains in the real list, and instead cause
the test to poke them into the list while it's running?

+  {"xn--igklmo68-nea32c.com", L"\x0111igklmo68.com", false}, // đigklmo68.com
+  {"www.xn--igklmo68-nea32c.com", L"www.\x0111igklmo68.com", false},
+  {"foo.bar.xn--igklmo68-nea32c.com", L"foo.bar.\x0111igklmo68.com", false},
+  {"xn--igklmo68-nea32c.co.uk", L"\x0111igklmo68.co.uk", false},
+  {"mail.xn--igklmo68-nea32c.co.uk", L"mail.\x0111igklmo68.co.uk", false},
+  {"xn--digklmo68-6jf.com", L"di\x0307gklmo68.com", false}, // di̇gklmo68.com
+  {"xn--digklmo68-7vf.com", L"dig\x0331klmo68.com", false}, // dig̱klmo68.com
+  {"xn--diglmo68-omb.com", L"dig\x0138lmo68.com", false}, // digĸlmo68.com
+  {"xn--digkmo68-9ob.com", L"digk\x0142mo68.com", false}, // digkłmo68.com
+  {"xn--digklo68-l89c.com", L"digkl\x1e43o68.com", false}, // digklṃo68.com
+  {"xn--digklm68-b5a.com", L"digklm\x00f8" L"68.com", false}, // digklmø68.com
+  {"xn--digklmo8-h7g.com", L"digklmo\x0431" L"8.com", false}, // digklmoб8.com
+  {"xn--digklmo6-7yr.com", L"digklmo6\x09ea.com", false}, // digklmo6৪.com
+
+  // 'islkpx123.com' is listed for unitest in the top domain list.
+  // 'іѕӏкрх123' can look like 'islkpx123' in some fonts.
+  {"xn--123-bed4a4a6hh40i.com",
+    L"\x0456\x0455\x04cf\x043a\x0440\x0445" L"123.com", false},
+
   // Mixed digits: the first two will also fail mixed script test
   // Latin + ASCII digit + Deva digit
   {"xn--asc1deva-j0q.co.in", L"asc1deva\x0967.co.in", false},
   // Latin + Deva digit + Beng digit
   {"xn--devabeng-f0qu3f.co.in", L"deva\x0967" L"beng\x09e7.co.in", false},
   // ASCII digit + Deva digit
   {"xn--79-v5f.co.in", L"7\x09ea" L"9.co.in", false},
   //  Deva digit + Beng digit
   {"xn--e4b0x.co.in", L"\x0967\x09e7.co.in", false},
   // U+4E00 (CJK Ideograph One) is not a digit
@@ skipping 13 matching lines @@
   {"xn--58db0a9q.com", L"\x13df\x13aa\x13a1\x13a0.com", false},
   // Scripts excluded from Identifiers: UTS 31 Table 4
   // Coptic
   {"xn--5ya.com", L"\x03e7.com", false},
   // Old Italic
   {"xn--097cc.com", L"\U00010300\U00010301.com", false},
 
   // U+115F (Hangul Filler)
   {"xn--osd3820f24c.kr", L"\xac00\xb098\x115f.kr", false},
   {"www.xn--google-ho0coa.com", L"www.\x2039google\x203a.com", false},
-  // Latin small capital w
+  // Latin small capital w: hardᴡare.com
   {"xn--hardare-l41c.com", L"hard\x1d21" L"are.com", false},
   // Minus Sign(U+2212)
   {"xn--t9g238xc2a.jp", L"\x65e5\x2212\x672c.jp", false},
-  // Latin Small Letter Script G
+  // Latin Small Letter Script G: ɡɡ.com
   {"xn--0naa.com", L"\x0261\x0261.com", false},
   // Hangul Jamo(U+11xx)
   {"xn--0pdc3b.com", L"\x1102\x1103\x1110.com", false},
-  // degree sign
+  // degree sign: 36°c.com
   {"xn--36c-tfa.com", L"36\x00b0" L"c.com", false},
   // Pound sign
   {"xn--5free-9ga.com", L"5free\x00a8.com", false},
   // Hebrew points (U+05B0, U+05B6)
   {"xn--7cbl2kc2a.com", L"\x05e1\x05b6\x05e7\x05b0\x05e1.com", false},
   // Danda(U+0964)
   {"xn--81bp1b6ch8s.com", L"\x0924\x093f\x091c\x0964\x0930\x0940.com", false},
   // Small letter script G(U+0261)
   {"xn--oogle-qmc.com", L"\x0261oogle.com", false},
   // Small Katakana Extension(U+31F1)
   {"xn--wlk.com", L"\x31f1.com", false},
-  // Heart symbol
+  // Heart symbol: ♥
   {"xn--ab-u0x.com", L"ab\x2665.com", false},
   // Emoji
   {"xn--vi8hiv.xyz", L"\U0001f355\U0001f4a9.xyz", false},
   // Registered trade mark
   {"xn--egistered-fna.com", L"\x00ae" L"egistered.com", false},
   // Latin Letter Retroflex Click
   {"xn--registered-25c.com", L"registered\x01c3.com", false},
   // ASCII '!' not allowed in IDN
   {"xn--!-257eu42c.kr", L"\xc548\xb155!.kr", false},
-  // 'GOOGLE' in IPA extension
+  // 'GOOGLE' in IPA extension: ɢᴏᴏɢʟᴇ
   {"xn--1naa7pn51hcbaa.com",
     L"\x0262\x1d0f\x1d0f\x0262\x029f\x1d07.com", false},
   // Padlock icon spoof.
   {"xn--google-hj64e", L"\U0001f512google.com", false},
 
   // Custom black list
   // Combining Long Solidus Overlay
   {"google.xn--comabc-k8d", L"google.com\x0338" L"abc", false},
   // Hyphenation Point instead of Katakana Middle dot
   {"xn--svgy16dha.jp", L"\x30a1\x2027\x30a3.jp", false},
@@ skipping 635 matching lines @@
     0, kNpos, kNpos, kNpos, kNpos, kNpos, kNpos, 0, kNpos, kNpos, kNpos, kNpos,
     0, 1, 2, 3, 4, 5, 6, 7
   };
   CheckAdjustedOffsets("http://user@foo.com/", kFormatUrlOmitAll,
                        net::UnescapeRule::NORMAL, omit_all_offsets);
 }
 
 }  // namespace
 
 }  // namespace url_formatter