Internationalized Domain Names (IDN) unsupported

alrekr commented 1 year ago

Steps To Reproduce

Step 1

Create a new entry:
URI 1: medæøå.dk
Username: Bitwarden
Password: Hr*UX6$gmBx@qJJZKjYj!mvBcHHYZD6mwmya4sNhb%zVVpNE6D^nFyeVqyv8@ui%6#sWmc$mPB8z

Please note: Site is set up only for this example, and will at some point die.

Step 2

Go to medæøå.dk/wp-login.php and click the Bitwarden extension to open possible entries.

Expected Result

The login info for user Bitwarden is available in the browser extension ready for autofill immediately.

Actual Result

No login info is available in the browser extension. Searching for "medæøå" shows the login info but you have to open the item and choose "Auto-fill".

Screenshots or Videos

No response

Additional Context

It appears that when Bitwarden matches uris it does so without respecting IDN, leaving out native support for users with non-ASCII keyboards (compassing large parts of EMEA and Asia). Browsers started a long time ago to convert from Punycode to Unicode in the address bar to support native users.

As I am Danish, my main focus has been on the Danish special characters æ, ø, and å. As far as I know the support of these are no different from many European languages, Cyrillic, Arabic, Chinese Simplified, and many others (see Wikipedia on IDN).

If a user adds the login through the browser extension the uri is saved correctly and autofill works as intended.

Operating System

Windows

Operating System Version

10

Web Browser

Chrome, Firefox

Browser Version

Firefox 108.0.1, Chrome 108.0.5359.125.

Build Version

Version: 2022.12.1 Server Version: 2022.12.0

Issue Tracking Info

[X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Dr-Electron commented 1 year ago

I have the same problem but with my self hosted version of Vaultwarden which is accessible over an IDN. But now I can't use it with that domain. (It obviously works with the Punycode/--xn version but than 2FA is a little bit problematic )

atjbramley commented 1 year ago

Hi @alrekr ,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

As a workaround in the meantime, please consider adding the vault item from within the extension using the + button - this will automatically fill out the URL using equivalent characters, and at this point the item will be available for autofill.

Thanks once again!

bitwarden / clients