1841869 - entering "abc @xyz.[TLD]" in address bar opens a prompt regarding loading "xyz.[TLD]" instead of searching for "abc @xyz.[TLD]" on the default search engine

Status: VERIFIED FIXED

(Firefox :: Address Bar, defect, P3)

Description

[Dan]

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0

Steps to reproduce:

1. enter sth. like "Lorem Ipsum @mozilla.org" in adress bar
2. hit enter key

Actual results:

A strange login-prompt appears:
"You are about to log in to the site “mozilla.org” with the username “Lorem%20Ipsum%20”, but the website does not require authentication. This may be an attempt to trick you.

Is “mozilla.org” the site you want to visit?"

Expected results:

It should instantly search for "Lorem Ipsum @mozilla.org" on the default search engine, upon hitting enter key.

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Firefox::Address Bar' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 2

[Marco Bonardo [:mak]]

we interpret the first part as a username:password pair, that technically is correct:
new URL("http://Lorem Ipsum @mozilla.org").href => "http://Lorem%20Ipsum%20@mozilla.org/"
The userinfo section allows for the following characters: unreserved / pct-encoded / sub-delims / ":"

From a user perspective, I think it makes sense to search though, unless the user explicitly typed the %20. I think the benefit overweights the cases where the user actually wants to provide a userinfo pair containing spaces.
The fix may not be trivial though, URIFixup trusts the URI parser, so this would need an explicit exception that I don't particularly like.
We should probably just add an exception in UrlbarProviderHeuristicFallback.sys.mjs

Comment 3

[Marc Seibert (:mseibert)]

Attachment: Bug 1841869 - entering "abc @xyz.[TLD]" in address bar opens a prompt regarding loading "xyz.[TLD]" instead of searching for "abc @xyz.[TLD]" on the default search engine.r=adw

Comment 4

[Dan]

Same with searching for a term like "abc.com word1 word2". It tries to open "abc.com" instead of searching for the entire string "abc.com word1 word2" on the browser's default searchengine.

Comment 5

[Pulsebot]

Pushed by dwillcoxon@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8e2553caf05d
entering "abc @xyz.[TLD]" in address bar opens a prompt regarding loading "xyz.[TLD]" instead of searching for "abc @xyz.[TLD]" on the default search engine.r=adw

Comment 6

[Dan]

But shouldn't also "https://abc.com word1 word2" search on the browser's searchengine for "word1" and "word2" on "https://abc.com"?

Comment 7

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/8e2553caf05d

Comment 8

[Dan]

Hey! I asked a question!

Comment 9

[Marco Bonardo [:mak]]

(In reply to Dan from comment #6)

But shouldn't also "https://abc.com word1 word2" search on the browser's searchengine for "word1" and "word2" on "https://abc.com"?

Searching on a specific site works differently, and it's something we're investigating for the future.
For now that string is an invalid url, and the expected outcome is to execute a search for the whole string.
If you're using Google (but I imagine other search engines have similar syntax) you could search for "site:abc.com word1 word2".

Comment 10

[Dan]

Nevermind, it also works with https in front, sorry Sandor! Awesome fix, thanks everyone!!!

Comment 11

[Ardelean Oana, Desktop Test Engineering [:oardelean]]

Reproducible on a 2024-01-25 Nightly build on Windows 10.
Verified as fixed on Firefox Nightly 124.0a1 on Windows 10, macOS 12, Ubuntu 22.