All users were logged out of Bugzilla on October 13th, 2018

Link hover in location bar: truncate host at start, not end

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
8 years ago
5 years ago

People

(Reporter: adw, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(blocking2.0 -)

Details

(Reporter)

Description

8 years ago
Currently when we show the moused-over link in the location bar, the host portion is truncated at the end if it needs to be truncated at all.  To help prevent phishing attacks, we should instead truncate it at the start so that subdomains are truncated.  From Limi's bug 587908 comment 95:

* For phishing reasons, we should also truncate subdomains when we run out of
space, like this:

http://www.friendly.reader.google.com.somephishingdomain.com/someverylongelementgoeshere

becomes

  …somephishingdomain.com/…goeshere

Updated

8 years ago
Whiteboard: [sg:want]

Comment 1

8 years ago
nominating due to security issue
blocking2.0: --- → ?
It's sg:want, which doesn't mean we absolutely need it.  Too late in the 4.0 game to consider this as something we'd block the release on.
blocking2.0: ? → -

Comment 3

8 years ago
Why not truncating in the middle? That would show the domain in the front an the (potential) target in the back.

Another point: Why is it truncated at all at half of the screen size? There are another 50% of space to show most of the URL.
(Reporter)

Comment 4

8 years ago
Resolving wontfix since bug 541656 landed.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WONTFIX
Whiteboard: [sg:want]

Comment 5

8 years ago
http://www.friendly.reader.google.com.somephishingdomain.com/someverylongelementgoeshere

on 4.0rc this still gives the phishing opportunity when the window is small

why not implement the suggestion?
(Reporter)

Comment 6

8 years ago
Because links aren't shown in the location bar anymore.  File a new bug about the status overlay if you want.
You need to log in before you can comment on or make changes to this bug.