Open Bug 2011368 Opened 2 days ago Updated 1 day ago

p3x.redis.patrikx3.com - The URL in the address bar cannot be changed after clicking the “Connect” button on the page

Categories

(Web Compatibility :: Site Reports, defect)

Desktop
Windows 10
defect

Tracking

(Webcompat Score:1, firefox-esr140 affected, firefox149 affected)

Webcompat Score 1
Tracking Status
firefox-esr140 --- affected
firefox149 --- affected

People

(Reporter: bfarkas, Unassigned, NeedInfo)

Details

(Keywords: sec-low, webcompat:site-report, Whiteboard: [webcompat-source:web-bugs])

User Story

user-impact-score:0

Attachments

(1 file)

Environment:
Operating system: Windows 10
Firefox version: Firefox 140.7.0esr / Firefox Nightly 149.0a1 (2026-01-19)

Steps to reproduce:

  1. Access: https://p3x.redis.patrikx3.com/
  2. Navigate on the site, clicking on different links and buttons
  3. Click on "Connect" button
  4. Go to the address bar and try to change the current address (e.g. www.google.com)
  5. Observe the page

Expected Behavior:
The URL is changed accordingly

Actual Behavior:
The page gets redirected to https://p3x.redis.patrikx3.com/ and the URL remains unchanged

Notes:

  • If the page is opened by selecting "Open in a New Tab" from a search page, then the "Back" button is disabled
  • Reproduces regardless of the status of ETP
  • Reproduces in firefox-nightly, and firefox-release
  • Does not reproduce in Chrome

Created from https://github.com/webcompat/web-bugs/issues/202211

User Story: (updated)
Webcompat Score: --- → 1

Okay this is weird - I entered google.com, pressed enter - and then I get a page load in the devtools for google.com that then gets aborted and the page reloads. This feels like the kind of issue that has the potential of being abused by malicious actors, so I'll flag this as a sec bug for the sec people to triage for now.

Jesup, do you have any clue what's happening here?

Group: firefox-core-security
Flags: needinfo?(rjesup)

I can reproduce by typing "google.com", but when I type "https://example.com" (with scheme) or "firefox.com" (no scheme) those pages do load fine. Hard to believe we would treat those differently, or that we'd leak to the page which one we were doing.

More of an annoyance than a security bug, but we did mark similar bug 1704302 as sec-low.

Group: firefox-core-security
Keywords: sec-low
See Also: → 1704302