Bug 1552141 Comment 21 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

I just tried these STR in a 2019-07-05 nightly on Mac, with a clean profile:

1) Bookmarks > Show All Bookmarks, to open the bookmark library window.
2) Ctrl+click on "Other Bookmarks" in the left pane.
3) Select "New Bookmark..."
4) Type `javascript:alert("%s")` for the location (note the `"` there!).
5) Type `testme` for the keyword
6) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
7) Type "testme xyz" in the URL bar and hit enter.  This results in the browser loading `https://www.google.com/search?client=firefox-b-d&q=testm` (note that part of the string was lost, btw).  That said, the exact behavior here varies; I just tried it again and this time I got `https://www.google.com/search?client=firefox-b-d&q=test+me+zgjedhje+anglisht`.
8) Load `about:config`
9) Filter for "quantumbar"
10) Toggle it to false.
11) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
12) Type "testme xyz" in the URL bar and hit enter.  This results in an alert.

In terms of user-visible behavior before hitting enter, at step 7 the dropdown below the URL bar contains a bunch of search suggestions with the first one selected; the actual suggestions shown seem to vary in time quite a bit.  At step 12 the dropdown below the URL bar contains a single item listing itself as `moz-action:keyword,{"url":"javascript:alert("xyz")", "keyword":"testme", "input":"testme xyz"}: xyz` and that item is selected; hitting enter presumably commits to that item.

Do those steps work for you?

I just tried these STR in a 2019-07-05 nightly on Mac, with a clean profile:

1) Bookmarks > Show All Bookmarks, to open the bookmark library window.
2) Ctrl+click on "Other Bookmarks" in the left pane.
3) Select "New Bookmark..."
4) Type `javascript:alert("%s")` for the location (note the `"` there!).
5) Type `testme` for the keyword
6) Click "Add" and close the bookmark library window.
7) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
8) Type "testme xyz" in the URL bar and hit enter.  This results in the browser loading `https://www.google.com/search?client=firefox-b-d&q=testm` (note that part of the string was lost, btw).  That said, the exact behavior here varies; I just tried it again and this time I got `https://www.google.com/search?client=firefox-b-d&q=test+me+zgjedhje+anglisht`.
9) Load `about:config`
10) Filter for "quantumbar"
11) Toggle it to false.
12) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
13) Type "testme xyz" in the URL bar and hit enter.  This results in an alert.

In terms of user-visible behavior before hitting enter, at step 7 the dropdown below the URL bar contains a bunch of search suggestions with the first one selected; the actual suggestions shown seem to vary in time quite a bit.  At step 13 the dropdown below the URL bar contains a single item listing itself as `moz-action:keyword,{"url":"javascript:alert("xyz")", "keyword":"testme", "input":"testme xyz"}: xyz` and that item is selected; hitting enter presumably commits to that item.

Do those steps work for you?

I just tried these STR in a 2019-07-05 nightly on Mac, with a clean profile:

1) Bookmarks > Show All Bookmarks, to open the bookmark library window.
2) Ctrl+click on "Other Bookmarks" in the left pane.
3) Select "New Bookmark..."
4) Type `javascript:alert("%s")` for the location (note the `"` there!).
5) Type `testme` for the keyword
6) Click "Add" and close the bookmark library window.
7) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
8) Type "testme xyz" in the URL bar and hit enter.  This results in the browser loading `https://www.google.com/search?client=firefox-b-d&q=testm` (note that part of the string was lost, btw).  That said, the exact behavior here varies; I just tried it again and this time I got `https://www.google.com/search?client=firefox-b-d&q=test+me+zgjedhje+anglisht`.
9) Load `about:config`
10) Filter for "quantumbar"
11) Toggle it to false.
12) Load `about:blank` in a tab (to ensure that there is no CSP weirdness involved).
13) Type "testme xyz" in the URL bar and hit enter.  This results in an alert.

In terms of user-visible behavior before hitting enter, at step 8 the dropdown below the URL bar contains a bunch of search suggestions with the first one selected; the actual suggestions shown seem to vary in time quite a bit.  At step 13 the dropdown below the URL bar contains a single item listing itself as `moz-action:keyword,{"url":"javascript:alert("xyz")", "keyword":"testme", "input":"testme xyz"}: xyz` and that item is selected; hitting enter presumably commits to that item.

Do those steps work for you?
