"javascript:" url always gets "fixed up" even when fixup is off

VERIFIED WORKSFORME

Status

()

VERIFIED WORKSFORME
12 years ago
10 years ago

People

(Reporter: mozilla, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Under some circumstances, javascript: urls typed into the location bar will be "fixed-up", going to "www.javascript.com".  This always happens when browser.fixup.alternate.enabled is False.  When browser.fixup.alternate.enabled is True, this happens the first time, and then the javascript is run as expected.

Reproducible: Always

Steps to Reproduce:
1. Open a new browser window.
2. Type "javascript:alert('hi')" in the location bar.
3. Press enter.

Actual Results:  
The browser makes several attempts to "fixup" the URL, eventually bringing up www.javascript.com.

Expected Results:  
The javascript should be run.

The javascript should be run *even if* fixup is enabled (the default), since it is a fully-qualified url with a javascript: scheme.

When fixup is disabled, this still happens *the first time* you do it in a new window. If you then try a second time, the javascript is evaluated as expected.
(Reporter)

Comment 1

12 years ago
Just to be extra-clear, the correct behavior (IMHO) is that javascript: urls should *never* be fixed up.

However, even if you disagree with that, they should not be fixed up when fixup is off.
Do you still see the same thing in Safe Mode, or with a new profile, to eliminate the possibility of extension interference? I use javascript: URLs to the extent of using them as a calculator when I can't remember what 7*9 is, and I've never seen one go through fixup.
(Reporter)

Comment 3

12 years ago
You may be on to something. I tried this on two different machines, running Linux and Windows, before I opened this bug just to be sure.  Nevertheless, when I ran in safe mode, I didn't see the behavior so there may be extension interference.  I will see what extensions they have in common and try disabling those.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME

Comment 4

10 years ago
I just tried a new profile with the latest trunk build and confirmed this.

1. type javascript:alert("hi");
2. Press Shift+enter
3. url becomes http://www.javascript:alert("hi");.net/

Comment 5

10 years ago
sorry for bugspam, but the fix would be to change the regex in the canonizeUrl function in browser.js from:

/^(www|https?)\b|\/\s*$/

to:

/^(javascript|www|https?)\b|\/\s*$/

To test the change, I hacked the function with userChrome.js and it fixed it.
(Reporter)

Comment 6

10 years ago
Why was this bug resolved?  It was confirmed and a patch was even given.  WORKSFORME?  I can still reproduce this.
(Reporter)

Updated

10 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.