Malformed URL with extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"

VERIFIED DUPLICATE of bug 263213

Status

()

--
trivial
VERIFIED DUPLICATE of bug 263213
15 years ago
10 years ago

People

(Reporter: cj.kiewiet, Assigned: bugzilla)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7

When I try to connect "http://http://www.mozilla.org/" by using my firebird 0.7
browser it goos to "http://www.microsoft.com/".

Reproducible: Always

Steps to Reproduce:
1. Enter "http://http://www.mozilla.org/" in the address thingie (sorry for my
english)
2. Press enter.
3. Wait until the page is loaded

Actual Results:  
I tries to resolve "http" the it contacts google.com but it goes so fast I can't
see what is happening exactly. At the end of it, it loads
"http://www.mircosoft.com/".

Expected Results:  
No idee I found this out be not meaning to do it.
the google "I'm feeling lucky" search for http apparently now returns 
microsoft.com.  A malformed URL like that will get parsed into a keyword 
search, which is what happens.

If you type odd things into the URL bar, it might take you to odd places.

In any case, this isn't a bug, its just weirdness with google.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID

Comment 2

15 years ago
*** Bug 232142 has been marked as a duplicate of this bug. ***

Comment 3

15 years ago
*** Bug 232144 has been marked as a duplicate of this bug. ***

Comment 4

15 years ago
*** Bug 232145 has been marked as a duplicate of this bug. ***

Comment 5

15 years ago
*** Bug 236451 has been marked as a duplicate of this bug. ***

Comment 6

15 years ago
*** Bug 241075 has been marked as a duplicate of this bug. ***

Comment 7

15 years ago
*** Bug 244071 has been marked as a duplicate of this bug. ***

Comment 8

15 years ago
*** Bug 245242 has been marked as a duplicate of this bug. ***

Comment 9

15 years ago
*** Bug 248312 has been marked as a duplicate of this bug. ***

Comment 10

15 years ago
*** Bug 251487 has been marked as a duplicate of this bug. ***

Comment 11

14 years ago
*** Bug 254754 has been marked as a duplicate of this bug. ***

Comment 12

14 years ago
*** Bug 262532 has been marked as a duplicate of this bug. ***

Comment 13

14 years ago
*** Bug 263097 has been marked as a duplicate of this bug. ***
*** Bug 235478 has been marked as a duplicate of this bug. ***
*** Bug 257905 has been marked as a duplicate of this bug. ***
*** Bug 259133 has been marked as a duplicate of this bug. ***
*** Bug 258336 has been marked as a duplicate of this bug. ***
*** Bug 255483 has been marked as a duplicate of this bug. ***
*** Bug 236168 has been marked as a duplicate of this bug. ***
*** Bug 245469 has been marked as a duplicate of this bug. ***
Status: RESOLVED → VERIFIED
OS: Windows XP → All
Hardware: PC → All
Summary: Firebird redirects "http://http://www.mozilla.org/" to "http://www.microsoft.com/" → Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://") because of Google quicksearch
Summary: Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://") because of Google quicksearch → Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"
*** Bug 254249 has been marked as a duplicate of this bug. ***
*** Bug 263191 has been marked as a duplicate of this bug. ***
Sorry for all this bugspam, just sorting out dupes and tweaking summary to catch
more dupes.
Summary: Extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky" → Malformed URL with extra http, semi-colon, causes redirect to http://www.microsoft.com/ ("http://http://", "http:://", "http;//") because of Google "I'm feeling lucky"

Comment 24

14 years ago
*** Bug 263334 has been marked as a duplicate of this bug. ***

Comment 25

14 years ago
*** Bug 264533 has been marked as a duplicate of this bug. ***
*** Bug 265958 has been marked as a duplicate of this bug. ***

Comment 27

14 years ago
*** Bug 268369 has been marked as a duplicate of this bug. ***

Comment 28

14 years ago
*** Bug 271514 has been marked as a duplicate of this bug. ***

Comment 29

14 years ago
*** Bug 272986 has been marked as a duplicate of this bug. ***

Comment 30

14 years ago
*** Bug 273118 has been marked as a duplicate of this bug. ***
*** Bug 273173 has been marked as a duplicate of this bug. ***

Comment 32

14 years ago
I think this is a bug that should be fixed: either by correcting double http or
by simply stripping off the http's and searching for what's left, and not
searching for the string with http AND everything after the slash stripped off
(leaving http).

Comment 33

14 years ago
(In reply to comment #32)
> I think this is a bug that should be fixed: either by correcting double http or
> by simply stripping off the http's and searching for what's left, and not
> searching for the string with http AND everything after the slash stripped off
> (leaving http).

Hear, hear! Protocol strings in that field have such a significant meaning that
it doesn't make sense to follow the regular rule.

Comment 34

14 years ago
(In reply to comment #33)
> (In reply to comment #32)
> > I think this is a bug that should be fixed: either by correcting double http or
> > by simply stripping off the http's and searching for what's left, and not
> > searching for the string with http AND everything after the slash stripped off
> > (leaving http).
> 
> Hear, hear! Protocol strings in that field have such a significant meaning that
> it doesn't make sense to follow the regular rule.
Right now, everything _exept_ the http is cut off... I think searching for the
other part makes more sense than searching for "http".
*** Bug 273822 has been marked as a duplicate of this bug. ***

Comment 36

14 years ago
*** Bug 274069 has been marked as a duplicate of this bug. ***
*** Bug 275553 has been marked as a duplicate of this bug. ***
*** Bug 275738 has been marked as a duplicate of this bug. ***

Comment 39

14 years ago
(In reply to comment #38)
> *** Bug 275738 has been marked as a duplicate of this bug. ***

This is a valid bug that needs to be reviewed before simply being closed. Stop
for one second and consider the possabilities. I personally experienced this bug
in a very undesirable way. I clicked a malformed link embedded within a page,
and it literally sent me to the CIA's Fact page for the country of Chad. There
is never a legitimate reason to automatically search and redirect off a
malformed link. I understand the argument for in the address bar (address being
mis-typed), but not when simply clicked on a page. I could be sent to any
inappropiate pages someone could dream up.

Comment 40

14 years ago
*** Bug 276377 has been marked as a duplicate of this bug. ***

Comment 41

14 years ago
*** Bug 276903 has been marked as a duplicate of this bug. ***

Comment 42

14 years ago
*** Bug 277386 has been marked as a duplicate of this bug. ***

Comment 43

14 years ago
*** Bug 279170 has been marked as a duplicate of this bug. ***

Comment 44

14 years ago
*** Bug 280648 has been marked as a duplicate of this bug. ***
*** Bug 280935 has been marked as a duplicate of this bug. ***

Comment 46

14 years ago
I think the important clincher about this bug is that it also applies to *links*
on webpages. So if someone were to make the link,

<A HREF="http://whoisyourdaddy:">Who is your daddy?</A>

Clicking on it would do a lucky search for "whoisyourdaddy" which is NOT the
expected behavior.

The proper behavior should be that the lucky search should only be performed on
stuff typed in the address bar and not from links on webpages.
*** Bug 281332 has been marked as a duplicate of this bug. ***
*** Bug 283152 has been marked as a duplicate of this bug. ***

Comment 49

14 years ago
By marking this as not a bug you are saying that when I click on a link in a webpage that has:

<a href="http//kernel.org">Sick of Windows?  Try Linux.</a>

and firefox completely silently redirects to microsoft.com it is not undesirable behaviour?

It is totally puzzling to the user, to say the least.

Clearly some visual feedback is required when doing the "Google I feel lucky thing".
*** Bug 287099 has been marked as a duplicate of this bug. ***
*** Bug 288869 has been marked as a duplicate of this bug. ***

Comment 52

14 years ago
(In reply to comment #51)
> *** Bug 288869 has been marked as a duplicate of this bug. ***

This was a simlar bug, but not exactly, this is when ':' is omitted. It seems
that FF first removes http://, but now nothing is removed, but then cut \/\/.*
and returns rest to google.

Comment 53

14 years ago
If the mass uses Firefox, one user may end up typing
http//www.getthunderbird.com to get the email application he heard about. Now he
ends up at Microsoft, maybe thinking Thunderbird is Microsoft's!
I think the whole feeling lucky thing should be revised. Another example: a user
finally understands Firefox's behaviour regarding feeling lucky searches. He
decides to go to Gmail, but doesn't know the name anymore so he types 'google
email' in the address bar. Then he'll end up at a google result page for
'email', nothing related to what he wanted (no, not a Google bug).

Comment 54

14 years ago
*** Bug 289037 has been marked as a duplicate of this bug. ***

Comment 55

14 years ago
*** Bug 289793 has been marked as a duplicate of this bug. ***
*** Bug 290289 has been marked as a duplicate of this bug. ***
*** Bug 291463 has been marked as a duplicate of this bug. ***
*** Bug 295172 has been marked as a duplicate of this bug. ***
Fixing bug 295991 would pretty much resolve this problem. The google query would
then become the whole url, not just the "http" part. In which case google will
either forward you to the url or tell you that it doesn't know about it.

Comment 60

14 years ago
This also manifests for a URL in the "Location" header.  I encountered it
because of a configuration error in phpLists (it asks for the site root url in
the config and isn't clear if it wants the http part of that).  Figuring out how
the form post was ending on at www.microsoft.com tooks some doing, as there is
no reason to expect that the url is the location header is being fed through a
search engine (and there is no reason why this should be the case). 

Comment 61

14 years ago
*** Bug 299910 has been marked as a duplicate of this bug. ***

Comment 62

14 years ago
*** Bug 300560 has been marked as a duplicate of this bug. ***

Comment 63

13 years ago
If a user were to search for something, he can use the search plugin (search
box) in Firefox.

Alternative [Suggestion]: Display the search results from Google instead of
forwarding to "I'm Feeling Lucky" page (1st in results list).

This is really an unexpected behaviour...it simply must get fixed!

Comment 64

13 years ago
Feeling lucky is handy sometimes, for example when you forgot the extension of a
domain. Usually doing a feeling lucky for the domain without extension gives you
the site you want.

Comment 65

13 years ago
There should be _SOME_ sort of error handling with this.  "feeling lucky" is
well and good, if you type it in the address bar.  However, clicking malformed
links in pages (usually forum pages where users mess it up) shouldn't be treated
as Google "Lucky" searches.

Comment 66

13 years ago
*** Bug 305627 has been marked as a duplicate of this bug. ***

Comment 67

13 years ago
A link to "http:// http://www.70south.com/resources/bases" (the double 'http://'
is not my mistake) will also send the user to microsoft.  Additionaly, I don't
understand all this talk about "feeling lucky", since I never enable such
features and it's not in the Tools->Options dialog.

This sort of feature should never be enabled by default.

Comment 68

13 years ago
(In reply to comment #67)
> A link to "http:// http://www.70south.com/resources/bases" (the double 'http://'
> is not my mistake) will also send the user to microsoft.  Additionaly, I don't
> understand all this talk about "feeling lucky", since I never enable such
> features and it's not in the Tools->Options dialog.

I agree that this should be somewhere in the options.  SOMEWHERE.  I found
JRuderman has a page on how to alter this behavior:
http://www.squarefree.com/2004/09/09/googles-browse-by-name-in-firefox/
http://www.mozilla.org/support/firefox/tips#beh_search
> This sort of feature should never be enabled by default.

If you type just a word into IE's bar, it tries it with .com, .net, .org, adds
www and starts over, and after that says it can't find it and suggests some
search options.  There needs to be some sort of similar result in firefox, I'd
rather the browser do something than nothing.

However, I believe the best method is the first time it's done, ask the user
what he'd like to do, and if this should be done every time.  My preferred
reaction is just the google results page.



The only part of the bug I consider truely valid is that if I searched [http
http www mozilla org], the first result is actually http://www.mozilla.org.  The
bug is that firefox stops at the ://, and doesn't search the rest of the box. 
I'd reopen if I were bolder.

Comment 69

13 years ago
In my opinion it should just not autosearch for links at all. I like the feeling
lucky behaviour in the location bar (I regularly enter search terms), but for
links it's just terrible.

Comment 70

13 years ago
Many of the bugs marked as dups of this bug are actually dups of bug 184814.  I
imagine the same is true for many of this bug's votes.

Comment 71

13 years ago
.. and for problems with URLs typed into the Location Bar, see bug 95390.

Comment 72

13 years ago
*** Bug 312130 has been marked as a duplicate of this bug. ***

Comment 73

13 years ago
This is a valid bug. Firefox developers, please get off your high horse and stop
telling people it's not a bug when everybody else says that it is. 

This is a major security flaw in Firefox. Do you realise that this can be used
as a phishing tool? By using well-known techniques like google-bombing to force
a scammers' site to the top of google's list for certain keywords, Firefox will
immediately redirect users to the scammers' site whenever the original site is
down or otherwise unreachable. 

Please stop ignoring your users.

Comment 74

13 years ago
I'll try to review and cleanup, invalid may not be the most accurate resolution.
QA Contact: benc
Note bug 310826, which is a much better "fixing" condition.

Comment 76

13 years ago
*** Bug 313264 has been marked as a duplicate of this bug. ***
INVALID is an unreasonable resolution, there's obviously a real issue here as all the dupes attest. The end result is the same (closed bug), but better to find an appropriate dupe for this one.
Status: VERIFIED → REOPENED
Resolution: INVALID → ---

*** This bug has been marked as a duplicate of 263213 ***
Status: REOPENED → RESOLVED
Last Resolved: 15 years ago13 years ago
Resolution: --- → DUPLICATE

Comment 79

13 years ago
Some of the dups of this bug involved typing malformed URLs into the address bar, so marking this as a dup of bug 263213 isn't quite correct.  I think those cases (where it seems like the heuristic for typed URLs should be changed) are covered by bug 95390, though.

Comment 80

13 years ago
voting for this bug due to illegitimate privacy invasion

Updated

10 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.