
Issue 795064

Starred by 2 users

Issue metadata

Status: Assigned
OS: Android
Pri: 2
Type: Bug




New context menu can hide part of URL

Project Member Reported by mar...@mwiacek.com, Dec 14 2017

Issue description

Steps to reproduce the problem:
1. open new context menu for very long URL
2. expand URL

What is the expected behavior?
User can see all parts of URL

What went wrong?
The part with the URL is not scrollable. Very long URLs cannot fit on the screen, so the user can miss part of the URL, and it can potentially cause a security issue when he clicks on such a link.

The example is from a Galaxy S7 / Android 7; with lower resolutions it's even more visible.

Did this work before? No 

Chrome version: 65.0.3292.0  Channel: canary
OS Version: 7
Flash Version:
 
Screenshot_20171214-194515.png
Labels: Needs-Feedback
To be clear, in this scenario you're tapping and holding for a link on the page, and you're concerned about the URL shown on the popup menu that appears?

Display of URLs in the context menu and most other contexts (with the exception of the address box) is not considered a security surface. An attacker can easily misrepresent the target of a URL using JavaScript, open redirectors, etc.

https://chromium.googlesource.com/chromium/src/+/lkcr/docs/security/faq.md#Where-are-the-security-indicators-located-in-the-browser-window

Comment 2 by cthomp@chromium.org, Dec 14 2017

Components: UI>Browser>Mobile
Labels: Team-Security-UX
I'm not sure exactly how the Android URL elision works in this case, and whether it would be possible for the URL to be crafted such that it hides/disguises the origin. But as #1 states, this isn't generally considered a security surface.

I tried long-pressing a long URL on Chrome Canary (Android 8 Nexus 6P, Chrome 65.0.3292.0) but I could not get the "expanded URL" to show up as shown in the screenshot above. It gives a small scrolling box with the long URL (it's a little hard to manipulate by touch to look at the entire URL though). I'll see if I can test this on Android 7.

Comment 3 by mar...@mwiacek.com, Dec 14 2017

Well, it's obvious that this is not a BIG security thing, but it still seems wrong that we potentially allow hiding part of the URL.

BTW, a long time ago I also had a discussion about whether we should display URLs in user-friendly form in such places, and the same function that is used in desktop Chrome was proposed; in fact, up to now I don't see a clear opinion on whether it will be accepted or not (see https://bugs.chromium.org/p/chromium/issues/detail?id=680673 and https://bugs.chromium.org/p/chromium/issues/detail?id=682393)

It means - this place isn't secure and IS less or more secure.

Comment 4 by mar...@mwiacek.com, Dec 14 2017

The problem here is not related to the Android version but just to screen resolution - if it's small and the URL is long enough, after expanding it it's not 100% visible to the user (and the user cannot scroll it because of the design)

Good example to test - Google ads

Comment 5 by sheriffbot@chromium.org, Dec 14 2017

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by cthomp@chromium.org, Dec 14 2017

Labels: Needs-Feedback
I'm not able to reproduce the expanded URL on Android 7 either, it just shows the context menu with a scrolling view for the URL (which is still not terribly good UI, but at least it can't elide the URL in weird ways). I've added a screenshot of what I'm seeing.

I'll also admit I'm not terribly familiar with Chrome on Android. What steps did you take to get the full URL popup to happen?
Screenshot_1513291208.png

Comment 7 by mar...@mwiacek.com, Dec 14 2017

1. enable new context menu - flag "Enable new context"

2. find smth with veeeerrryyy long URL

3. open context menu

4. click on URL

Comment 8 by sheriffbot@chromium.org, Dec 14 2017

Cc: cthomp@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "cthomp@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
This definitely doesn't need view-restrictions.
Cc: k...@chromium.org
Status: Untriaged (was: Unconfirmed)
Thanks! I was missing the "New Context Menu" flag, so I was seeing the old version which had a scrollable view.

Adding ktam@ (who appears to own the launch bug for the New Context Menu work).

Comment 11 by k...@chromium.org, Dec 15 2017

Owner: danielpark@chromium.org
Status: Assigned (was: Untriaged)
Looks like the main bug here is that we need to have the content scroll. We're still working on updated designs here but should hopefully have something soon there.

Comment 12 by mar...@mwiacek.com, Dec 15 2017

Daniel, you're right.

Additionally, if possible, please also consider other things (displaying URLs in user-friendly form without % sequences, marking secure/insecure elements, etc.) in the updated design.

Thx in advance.

Comment 13 by k...@chromium.org, Feb 15 2018

Cc: -k...@chromium.org
