Multiple urls in the address bar
Reported by
julienro...@gmail.com,
Sep 1 2017
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36 Steps to reproduce the problem: 1. Open chromium 2. Visite https://www.wikipedia.org/ (or any website) 3. Select the beginning of the adress bar before the https 4. Paste https://www.google.ca/?gws_rd=ssl 5. Select the beginning of the adress bar before the https 6. Paste https://github.com/ Alternative: 1. Open chrome 2. Visit the weird url directly : http://www.google.comcomicneue.comwww.comicsanscriminal.com/ What is the expected behavior? Chromium should not reach the first website if the url looks like this: "https://github.com/https://www.google.ca/?gws_rd=sslhttps://www.wikipedia.org". What went wrong? Chromium reached the first website in the weird url. Two examples: http://www.google.comcomicneue.comwww.comicsanscriminal.com/ https://github.com/https://www.google.ca/?gws_rd=sslhttps://www.wikipedia.org Did this work before? No Chrome version: 60.0.3112.101 Channel: stable OS Version: Flash Version: I was able to reproduce this bug on different version of chromium/chrome and on other computers. This was discovered with friends while trying to switch between website and we lost the focus on the address bar. The last url wasn't removed by the new one since the url wasn't selected anymore.
,
Sep 2 2017
The pasted URL is valid according to the URL specification and may be used legitimately by any website wishing to do so, so there's no bug in Chrome. But Chrome can be smarter in the error message and suggest the first extracted URL or a list of individual URLs from such compound one with a preceding question like "Did you mean to navigate to ..."
,
Sep 5 2017
I think it would be a very nice addon to chrome. I get that urls are very complicated but I still think an url like "http://www.google.comcomicneue.comwww.comicsanscriminal.com/" should not work since it could be misleading. Thanks you for looking into this issue.
,
Sep 5 2017
It's a perfectly valid URL. I agree though, it can be used for phishing, but it's a totally different issue.
,
Sep 5 2017
Able to reproduce the issue on Mac 10.12.6, Win-10 and Ubuntu 14.04 using chrome latest stable #60.0.3112.113 and latest canary #63.0.3205.0. This is a non-regression issue as it is observed from M45 old builds. Hence, marking it as untriaged to get more inputs from dev team. Thanks...!!
,
Sep 5 2017
As noted above, these are legal URLs, and could resolve to real websites in legit use cases. For example: www.google.com/search?q=www.google.com This searches Google for "www.google.com", but could also have come from pasting one URL in front of another. I don't think there's an action to take here.
,
Sep 5 2017
I do think that "http://www.google.comcomicneue.comwww.comicsanscriminal.com/" should not resolve to "www.comicsanscriminal.com/". If the url is valid it should resolve to "www.google.comcomicneue.comwww.comicsanscriminal.com"
,
Sep 5 2017
This behavior is up to the DNS server at the other end. The servers for comicsanscriminal.com determine how to respond to requests for subdomains of that site. In this case, those servers choose to treat this as a valid request and serve content at it. From Chrome's perspective, this isn't different than e.g. mail.google.com. |
|||
►
Sign in to add a comment |
|||
Comment 1 by julienro...@gmail.com
, Sep 1 2017106 KB
106 KB View Download