Closed Bug 350117 Opened 18 years ago Closed 18 years ago

"javascript:" url always gets "fixed up" even when fixup is off

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: mozilla, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Under some circumstances, javascript: urls typed into the location bar will be "fixed-up", going to "www.javascript.com".  This always happens when browser.fixup.alternate.enabled is False.  When browser.fixup.alternate.enabled is True, this happens the first time, and then the javascript is run as expected.

Reproducible: Always

Steps to Reproduce:
1. Open a new browser window.
2. Type "javascript:alert('hi')" in the location bar.
3. Press enter.

Actual Results:  
The browser makes several attempts to "fixup" the URL, eventually bringing up www.javascript.com.

Expected Results:  
The javascript should be run.

The javascript should be run *even if* fixup is enabled (the default), since it is a fully-qualified url with a javascript: scheme.

When fixup is disabled, this still happens *the first time* you do it in a new window. If you then try a second time, the javascript is evaluated as expected.
Just to be extra-clear, the correct behavior (IMHO) is that javascript: urls should *never* be fixed up.

However, even if you disagree with that, they should not be fixed up when fixup is off.
Do you still see the same thing in Safe Mode, or with a new profile, to eliminate the possibility of extension interference? I use javascript: URLs to the extent of using them as a calculator when I can't remember what 7*9 is, and I've never seen one go through fixup.
You may be on to something. I tried this on two different machines, running Linux and Windows, before I opened this bug just to be sure.  Nevertheless, when I ran in safe mode, I didn't see the behavior so there may be extension interference.  I will see what extensions they have in common and try disabling those.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
I just tried a new profile with the latest trunk build and confirmed this.

1. type javascript:alert("hi");
2. Press Shift+enter
3. url becomes http://www.javascript:alert("hi");.net/
sorry for bugspam, but the fix would be to change the regex in the canonizeUrl function in browser.js from:

/^(www|https?)\b|\/\s*$/

to:

/^(javascript|www|https?)\b|\/\s*$/

To test the change, I hacked the function with userChrome.js and it fixed it.
Why was this bug resolved?  It was confirmed and a patch was even given.  WORKSFORME?  I can still reproduce this.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.