User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a7pre) Gecko/2007071304 Minefield/3.0a7pre Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a7pre) Gecko/2007071304 Minefield/3.0a7pre Bug 366797 (Revise the Location Bar (highlight effective domain, decode URLs, add overflow ellipsis & tooltip)) has landed and allows Firefox to "Make the domain name within the URL bold or otherwise highlighted to reduce the spoofing risks of complex URLs". However, this only works when the user has already visited the site. By including this same highlighting in the Status Bar when a user hovers over a link, it will enhance security. Reproducible: Always Steps to Reproduce: 1. Hover over link. 2. Observe link URL displayed in status bar. Actual Results: All characters in URL are equally highlighted. Expected Results: Effective domain is highlighted when viewed in status bar.
reading the grayed out text in the statusbar could be real difficult, probably a different solution could be found
Status: UNCONFIRMED → NEW
Ever confirmed: true
Created attachment 8531107 [details] Link URL displayed as tooltip at the bottom of the page To revive this bug I attached a screenshot of how this currently (FF 34.0) looks like. I'd expect to see at least the URL's domain (here 'gmx.net') be highlighted. The best would be, though, to also highlight domains in parameters (here 'paypal.com') as they are often used as redirection target. As mentioned in comment 0 this is especially important to protect people against spoofing links (linking to malicious websites). Sebastian
As this is a security relevant feature, I believe it's worth putting on the backlog. Sebastian
Created attachment 8531125 [details] Link URL with highlighted domains Here's a mockup for how this could look like. (The colors used refer to the ones in Australis.) This is a simple solution. It actual solution may even differentiate between the page's domain and the parameter domain(s). Sebastian
Flags: firefox-backlog? → firefox-backlog+
You need to log in before you can comment on or make changes to this bug.