
Issue 816280

Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Mac
Pri: 2
Type: Bug



Problematic copying or pasting of a particular text and problem in searching a particular text in the URL box

Reported by cvivek...@gmail.com, Feb 25 2018

Issue description

Steps to reproduce the problem:
Part 1:
1. Open Chrome and type "javascript:anything" in the URL box without double quotes.
2. Search for the query.
Part 2:
1. Browse to any page containing "javascript:anything" (without quotes).
For example: "https://www.google.co.in/search?source=hp&ei=-ZqSWqy_HoHfvATbtY-4Dg&q=javascript%3Aalert%281%29&oq=java&gs_l=mobile-gws-hp.1.0.35i39j0i67l2j0i20i263j0.852.1851..2799...0....314.915.0j2j1j1..........1..mobile-gws-wiz-hp.......0i131.LGYZqk0HsxM%3D"
2. Copy the part "javascript:anything" (not the double quotes).
3. Paste the part in the URL box.

What is the expected behavior?
For part 1:
Chrome should return the requested search results.
For part 2:
Chrome should copy and paste the text successfully.

What went wrong?
1. Chrome is not searching any query containing "javascript:blabla".
2. Chrome is partially copying the text containing "javascript:anything". It ignores the "Javascript:" part and copies only the "anything" part.

Did this work before? N/A 

Chrome version: 63.0.3239.111  Channel: stable
OS Version: 4.4.2
Flash Version: 

I know that you only reward bounties for security issues. I am not an expert so I don't know what actually can be done by this bug (maybe code execution). So please let me know the severity of the issue I found.
Thanks!
 
Labels: Needs-triage-Mobile
Cc: pnangunoori@chromium.org
Components: UI>Browser>Omnibox Blink
Labels: FoundIn-66 Target-66 M-66 Triaged-Mobile FoundIn-64 FoundIn-65 OS-Linux OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)
Tested the issue on Android and was able to reproduce it. Similar behavior is observed since Chrome #60.0.3072.0

Steps Followed:
1. Launched the Chrome Browser.
2. Search for the string "javascript:anything".
3. Observed that no results are displayed.
4. Navigate to www.google.com
5. In the Search bar, enter "javascript:anything" and tap on search button.
6. Observed that results are displayed.
7. From the text bar copy complete text and paste it in the omnibox.
8. Observed that only "anything" is pasted in the omnibox.

Chrome versions tested:
60.0.3072.0, 64.0.3282.137 (Stable), 66.0.3355.0 (Canary)

OS:
Android 8.1.0

Android Devices:
Pixel

This seems to be a non-regression issue, as the same behavior is seen since M60. Untriaged for further input on this issue.

Please navigate to the link below for logs and video:
go/chrome-androidlogs/816280

Note:
1. Similar behavior is observed in Desktop Chrome on Windows 10, Mac 10.13.3 and Debian Rodete.
2. Almost similar behavior is observed on Firefox mobile version.

Status: WontFix (was: Untriaged)
This is working as intended to prevent users from pasting javascript: commands into the omnibox, which can then gather information and send it to an attacker.  It's a security "feature".

Thanks for your attention to detail and conscientious reporting of bugs.
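
The paste filtering described in the closing comment can be sketched as follows. This is an added example, not Chromium's omnibox code: the names `matchJavascriptScheme` and `sanitizePastedText` are hypothetical, and the sample inputs are constructed. It goes slightly beyond the reported case by also handling mixed case, leading whitespace, embedded tab/newline characters and repeated prefixes.

```javascript
// Added illustration; helper names are hypothetical, not Chromium's API.
const SCHEME = "javascript:";

// Returns the index just past a leading "javascript:" scheme, or -1.
// URL parsers drop leading C0 control/space characters and ignore ASCII
// tab, LF and CR anywhere in the input, so the matcher does the same.
function matchJavascriptScheme(text) {
  let i = 0;
  while (i < text.length && text.charCodeAt(i) <= 0x20) i++;
  let matched = 0;
  while (i < text.length && matched < SCHEME.length) {
    const ch = text[i];
    if (ch === "\t" || ch === "\n" || ch === "\r") { i++; continue; }
    if (ch.toLowerCase() !== SCHEME[matched]) return -1;
    matched++;
    i++;
  }
  return matched === SCHEME.length ? i : -1;
}

// Strips every leading "javascript:" prefix, looping so that removing one
// copy cannot expose another. Text without the prefix is returned unchanged.
function sanitizePastedText(text) {
  let rest = text;
  let stripped = 0;
  let end = matchJavascriptScheme(rest);
  while (end !== -1) {
    rest = rest.slice(end);
    stripped++;
    end = matchJavascriptScheme(rest);
  }
  return stripped === 0 ? { text, stripped } : { text: rest.trimStart(), stripped };
}

// Constructed sample clipboard contents.
const SAMPLES = [
  "javascript:anything",
  "  JavaScript:javascript:anything",
  "java\tscript:anything",
  "javascript tutorial",
  "https://example.test/?q=javascript:anything",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(sanitizePastedText(s)));
}
```

Only a prefix is removed: text that merely contains `javascript:` later in the string, such as a query parameter in an ordinary URL, passes through untouched.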
