Closed Bug 231720 Opened 21 years ago Closed 19 years ago

Malformed URL with extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
trivial

Tracking

()

Status:
VERIFIED DUPLICATE of bug 263213

People

(Reporter: cj.kiewiet, Assigned: bugzilla)

References

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

When I try to connect "http://http://www.mozilla.org/" by using my firebird 0.7
browser it goos to "http://www.microsoft.com/".

Reproducible: Always

Steps to Reproduce:
1. Enter "http://http://www.mozilla.org/" in the address thingie (sorry for my
english)
2. Press enter.
3. Wait until the page is loaded

Actual Results:  
I tries to resolve "http" the it contacts google.com but it goes so fast I can't
see what is happening exactly. At the end of it, it loads
"http://www.mircosoft.com/".

Expected Results:  
No idee I found this out be not meaning to do it.
the google "I'm feeling lucky" search for http apparently now returns 
microsoft.com.  A malformed URL like that will get parsed into a keyword 
search, which is what happens.

If you type odd things into the URL bar, it might take you to odd places.

In any case, this isn't a bug, its just weirdness with google.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
*** Bug 232142 has been marked as a duplicate of this bug. ***
*** Bug 232144 has been marked as a duplicate of this bug. ***
*** Bug 232145 has been marked as a duplicate of this bug. ***
*** Bug 236451 has been marked as a duplicate of this bug. ***
*** Bug 241075 has been marked as a duplicate of this bug. ***
*** Bug 244071 has been marked as a duplicate of this bug. ***
*** Bug 245242 has been marked as a duplicate of this bug. ***
*** Bug 248312 has been marked as a duplicate of this bug. ***
*** Bug 251487 has been marked as a duplicate of this bug. ***
*** Bug 254754 has been marked as a duplicate of this bug. ***
*** Bug 262532 has been marked as a duplicate of this bug. ***
*** Bug 263097 has been marked as a duplicate of this bug. ***
*** Bug 235478 has been marked as a duplicate of this bug. ***
*** Bug 257905 has been marked as a duplicate of this bug. ***
*** Bug 259133 has been marked as a duplicate of this bug. ***
*** Bug 258336 has been marked as a duplicate of this bug. ***
*** Bug 255483 has been marked as a duplicate of this bug. ***
*** Bug 236168 has been marked as a duplicate of this bug. ***
*** Bug 245469 has been marked as a duplicate of this bug. ***
Status: RESOLVED → VERIFIED
OS: Windows XP → All
Hardware: PC → All
Summary: Firebird redirects "http://http://www.mozilla.org/" to "http://www.microsoft.com/" → Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://") because of Google quicksearch
Summary: Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://") because of Google quicksearch → Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"
*** Bug 254249 has been marked as a duplicate of this bug. ***
*** Bug 263191 has been marked as a duplicate of this bug. ***
Sorry for all this bugspam, just sorting out dupes and tweaking summary to catch
more dupes.
Summary: Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky" → Malformed URL with extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"
*** Bug 263334 has been marked as a duplicate of this bug. ***
*** Bug 264533 has been marked as a duplicate of this bug. ***
*** Bug 265958 has been marked as a duplicate of this bug. ***
*** Bug 268369 has been marked as a duplicate of this bug. ***
*** Bug 271514 has been marked as a duplicate of this bug. ***
*** Bug 272986 has been marked as a duplicate of this bug. ***
*** Bug 273118 has been marked as a duplicate of this bug. ***
*** Bug 273173 has been marked as a duplicate of this bug. ***
I think this is a bug that should be fixed: either by correcting double http or
by simply stripping off the http's and searching for what's left, and not
searching for the string with http AND everything after the slash stripped off
(leaving http).
(In reply to comment #32)
> I think this is a bug that should be fixed: either by correcting double http or
> by simply stripping off the http's and searching for what's left, and not
> searching for the string with http AND everything after the slash stripped off
> (leaving http).

Hear, hear! Protocol strings in that field have such a significant meaning that
it doesn't make sense to follow the regular rule.
(In reply to comment #33)
> (In reply to comment #32)
> > I think this is a bug that should be fixed: either by correcting double http or
> > by simply stripping off the http's and searching for what's left, and not
> > searching for the string with http AND everything after the slash stripped off
> > (leaving http).
> 
> Hear, hear! Protocol strings in that field have such a significant meaning that
> it doesn't make sense to follow the regular rule.
Right now, everything _exept_ the http is cut off... I think searching for the
other part makes more sense than searching for "http".
*** Bug 273822 has been marked as a duplicate of this bug. ***
*** Bug 274069 has been marked as a duplicate of this bug. ***
*** Bug 275553 has been marked as a duplicate of this bug. ***
*** Bug 275738 has been marked as a duplicate of this bug. ***
(In reply to comment #38)
> *** Bug 275738 has been marked as a duplicate of this bug. ***

This is a valid bug that needs to be reviewed before simply being closed. Stop
for one second and consider the possabilities. I personally experienced this bug
in a very undesirable way. I clicked a malformed link embedded within a page,
and it literally sent me to the CIA's Fact page for the country of Chad. There
is never a legitimate reason to automatically search and redirect off a
malformed link. I understand the argument for in the address bar (address being
mis-typed), but not when simply clicked on a page. I could be sent to any
inappropiate pages someone could dream up.
*** Bug 276377 has been marked as a duplicate of this bug. ***
*** Bug 276903 has been marked as a duplicate of this bug. ***
*** Bug 277386 has been marked as a duplicate of this bug. ***
*** Bug 279170 has been marked as a duplicate of this bug. ***
*** Bug 280648 has been marked as a duplicate of this bug. ***
*** Bug 280935 has been marked as a duplicate of this bug. ***
I think the important clincher about this bug is that it also applies to *links*
on webpages. So if someone were to make the link,

<A HREF="http://whoisyourdaddy:">Who is your daddy?</A>

Clicking on it would do a lucky search for "whoisyourdaddy" which is NOT the
expected behavior.

The proper behavior should be that the lucky search should only be performed on
stuff typed in the address bar and not from links on webpages.
*** Bug 281332 has been marked as a duplicate of this bug. ***
*** Bug 283152 has been marked as a duplicate of this bug. ***
By marking this as not a bug you are saying that when I click on a link in a webpage that has:

<a href="http//kernel.org">Sick of Windows?  Try Linux.</a>

and firefox completely silently redirects to microsoft.com it is not undesirable behaviour?

It is totally puzzling to the user, to say the least.

Clearly some visual feedback is required when doing the "Google I feel lucky thing".
*** Bug 287099 has been marked as a duplicate of this bug. ***
*** Bug 288869 has been marked as a duplicate of this bug. ***
(In reply to comment #51)
> *** Bug 288869 has been marked as a duplicate of this bug. ***

This was a simlar bug, but not exactly, this is when ':' is omitted. It seems
that FF first removes http://, but now nothing is removed, but then cut \/\/.*
and returns rest to google.
If the mass uses Firefox, one user may end up typing
http//www.getthunderbird.com to get the email application he heard about. Now he
ends up at Microsoft, maybe thinking Thunderbird is Microsoft's!
I think the whole feeling lucky thing should be revised. Another example: a user
finally understands Firefox's behaviour regarding feeling lucky searches. He
decides to go to Gmail, but doesn't know the name anymore so he types 'google
email' in the address bar. Then he'll end up at a google result page for
'email', nothing related to what he wanted (no, not a Google bug).
*** Bug 289037 has been marked as a duplicate of this bug. ***
*** Bug 289793 has been marked as a duplicate of this bug. ***
*** Bug 290289 has been marked as a duplicate of this bug. ***
*** Bug 291463 has been marked as a duplicate of this bug. ***
*** Bug 295172 has been marked as a duplicate of this bug. ***
Fixing bug 295991 would pretty much resolve this problem. The google query would
then become the whole url, not just the "http" part. In which case google will
either forward you to the url or tell you that it doesn't know about it.

This also manifests for a URL in the "Location" header.  I encountered it
because of a configuration error in phpLists (it asks for the site root url in
the config and isn't clear if it wants the http part of that).  Figuring out how
the form post was ending on at www.microsoft.com tooks some doing, as there is
no reason to expect that the url is the location header is being fed through a
search engine (and there is no reason why this should be the case). 
*** Bug 299910 has been marked as a duplicate of this bug. ***
*** Bug 300560 has been marked as a duplicate of this bug. ***
If a user were to search for something, he can use the search plugin (search
box) in Firefox.

Alternative [Suggestion]: Display the search results from Google instead of
forwarding to "I'm Feeling Lucky" page (1st in results list).

This is really an unexpected behaviour...it simply must get fixed!
Feeling lucky is handy sometimes, for example when you forgot the extension of a
domain. Usually doing a feeling lucky for the domain without extension gives you
the site you want.
There should be _SOME_ sort of error handling with this.  "feeling lucky" is
well and good, if you type it in the address bar.  However, clicking malformed
links in pages (usually forum pages where users mess it up) shouldn't be treated
as Google "Lucky" searches.
*** Bug 305627 has been marked as a duplicate of this bug. ***
A link to "http:// http://www.70south.com/resources/bases" (the double 'http://'
is not my mistake) will also send the user to microsoft.  Additionaly, I don't
understand all this talk about "feeling lucky", since I never enable such
features and it's not in the Tools->Options dialog.

This sort of feature should never be enabled by default.
(In reply to comment #67)
> A link to "http:// http://www.70south.com/resources/bases" (the double 'http://'
> is not my mistake) will also send the user to microsoft.  Additionaly, I don't
> understand all this talk about "feeling lucky", since I never enable such
> features and it's not in the Tools->Options dialog.

I agree that this should be somewhere in the options.  SOMEWHERE.  I found
JRuderman has a page on how to alter this behavior:
http://www.squarefree.com/2004/09/09/googles-browse-by-name-in-firefox/
http://www.mozilla.org/support/firefox/tips#beh_search
> This sort of feature should never be enabled by default.

If you type just a word into IE's bar, it tries it with .com, .net, .org, adds
www and starts over, and after that says it can't find it and suggests some
search options.  There needs to be some sort of similar result in firefox, I'd
rather the browser do something than nothing.

However, I believe the best method is the first time it's done, ask the user
what he'd like to do, and if this should be done every time.  My preferred
reaction is just the google results page.



The only part of the bug I consider truely valid is that if I searched [http
http www mozilla org], the first result is actually http://www.mozilla.org.  The
bug is that firefox stops at the ://, and doesn't search the rest of the box. 
I'd reopen if I were bolder.
In my opinion it should just not autosearch for links at all. I like the feeling
lucky behaviour in the location bar (I regularly enter search terms), but for
links it's just terrible.
Many of the bugs marked as dups of this bug are actually dups of bug 184814.  I
imagine the same is true for many of this bug's votes.
.. and for problems with URLs typed into the Location Bar, see bug 95390.
*** Bug 312130 has been marked as a duplicate of this bug. ***
This is a valid bug. Firefox developers, please get off your high horse and stop
telling people it's not a bug when everybody else says that it is. 

This is a major security flaw in Firefox. Do you realise that this can be used
as a phishing tool? By using well-known techniques like google-bombing to force
a scammers' site to the top of google's list for certain keywords, Firefox will
immediately redirect users to the scammers' site whenever the original site is
down or otherwise unreachable. 

Please stop ignoring your users.
I'll try to review and cleanup, invalid may not be the most accurate resolution.
QA Contact: benc
Note bug 310826, which is a much better "fixing" condition.
*** Bug 313264 has been marked as a duplicate of this bug. ***
INVALID is an unreasonable resolution, there's obviously a real issue here as all the dupes attest. The end result is the same (closed bug), but better to find an appropriate dupe for this one.
Status: VERIFIED → REOPENED
Resolution: INVALID → ---

*** This bug has been marked as a duplicate of 263213 ***
Status: REOPENED → RESOLVED
Closed: 21 years ago19 years ago
Resolution: --- → DUPLICATE
Some of the dups of this bug involved typing malformed URLs into the address bar, so marking this as a dup of bug 263213 isn't quite correct.  I think those cases (where it seems like the heuristic for typed URLs should be changed) are covered by bug 95390, though.
voting for this bug due to illegitimate privacy invasion
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.