Details
- Type: Bug
- Resolution: Unresolved
- Priority: P2: Important
- Version: 6.2.0 Beta2
Description
The QUrl implementation uses a whitelist of TLDs that are allowed to have internationalized domain names (idn_whitelist). It currently has 61 entries. A quick look at Wikipedia (https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains) shows many more TLDs that support IDN. Wikipedia claims "As of March 2021, the IANA root database includes 1589 TLDs", and it looks like at least half of them support IDNs (even some listed as ones that don't, like xn--ls8h.la, which works in Safari at least). There is also a significant number of TLDs that themselves contain non-ASCII characters.
Having an outdated list of TLDs makes the IDN implementation in Qt much less useful. The documentation for setIdnWhitelist gives this reason for having the whitelist:
Qt comes with a default list that contains the Internet top-level domains that have published support for Internationalized Domain Names (IDNs) and rules to guarantee that no deception can happen between similarly-looking characters (such as the Latin lowercase letter 'a' and the Cyrillic equivalent, which in most fonts are visually identical).

This list is periodically maintained, as registrars publish new rules.
The second paragraph is obviously untrue. I claim that the first one is too. Having the whitelist does nothing against the similar-looking domain name attack. Those Cyrillic characters are still allowed in .com domains, for example, where most of the targets would be. UTS #46 (the modern version of IDNA) suggests using other mechanisms, such as those described in UTS #39.
Instead of trying to update the list (from what source?) and having it obsolete before the next Qt release at the current rate of TLD registrations, I propose to deprecate QUrl::setIdnWhitelist() and QUrl::idnWhitelist(), ignore the whitelist in the rest of the QUrl code, and direct users to other security measures. Perhaps in future versions Qt could provide some API for those measures, perhaps in a separate module using ICU.
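As an added illustration (not part of this report and not Qt's code), the kind of per-label check UTS #39 describes, written with Python's unicodedata: a label that mixes scripts such as Latin and Cyrillic is flagged regardless of which TLD it sits under, which is exactly what a TLD whitelist cannot do. The hostnames are constructed, and the script detection via character names is an approximation of the Unicode Script property.

```python
import unicodedata

# Constructed sample hostnames (not taken from the bug report). The second one
# swaps the Latin 'a' in "paypal" for Cyrillic U+0430, visually identical in
# most fonts, and sits under .com where a TLD whitelist would never help.
SAMPLE_HOSTS = ["paypal.com", "p\u0430ypal.com", "\u4f8b\u3048.jp"]

# Script combinations UTS #39 allows inside one label (Japanese here; Han with
# Bopomofo or Hangul could be added the same way).
ALLOWED_MIXES = [{"CJK", "HIRAGANA", "KATAKANA"}]


def script_of(ch: str) -> str:
    """Approximate the Unicode Script property of one character.

    unicodedata exposes no Script property, so the first word of the character
    name is used (LATIN, CYRILLIC, GREEK, CJK, HIRAGANA, ...). ASCII digits and
    hyphen are treated as script-neutral (Common)."""
    name = unicodedata.name(ch, "")
    if not name or name.startswith(("DIGIT", "HYPHEN-MINUS")):
        return "COMMON"
    return name.split()[0]


def label_scripts(label: str) -> set:
    """Non-Common scripts used in an NFC-normalised label."""
    return {script_of(c) for c in unicodedata.normalize("NFC", label)} - {"COMMON"}


def is_mixed_script(label: str) -> bool:
    """True when a label mixes scripts in a way UTS #39 does not allow."""
    scripts = label_scripts(label)
    if len(scripts) <= 1:
        return False
    return not any(scripts <= mix for mix in ALLOWED_MIXES)


def check_host(host: str) -> list:
    """Return the mixed-script labels of a hostname (empty list: nothing found).

    Punycoded labels (xn--) are decoded first with Python's idna codec, so the
    check runs on what the user would see; the TLD itself is never consulted."""
    flagged = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        if is_mixed_script(label):
            flagged.append(label)
    return flagged


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h!r}: mixed-script labels = {check_host(h)}")
```

Note that an all-Cyrillic look-alike label passes this check; catching those needs the whole-script confusable data from UTS #39, not a script-mixing rule.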