All users were logged out of Bugzilla on October 13th, 2018
Currently when we show the moused-over link in the location bar, the host portion is truncated at the end if it needs to be truncated at all. To help prevent phishing attacks, we should instead truncate it at the start so that subdomains are truncated. From Limi's bug 587908 comment 95: * For phishing reasons, we should also truncate subdomains when we run out of space, like this: http://www.friendly.reader.google.com.somephishingdomain.com/someverylongelementgoeshere becomes …somephishingdomain.com/…goeshere
nominating due to security issue
blocking2.0: --- → ?
It's sg:want, which doesn't mean we absolutely need it. Too late in the 4.0 game to consider this as something we'd block the release on.
blocking2.0: ? → -
Why not truncating in the middle? That would show the domain in the front an the (potential) target in the back. Another point: Why is it truncated at all at half of the screen size? There are another 50% of space to show most of the URL.
Resolving wontfix since bug 541656 landed.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WONTFIX
http://www.friendly.reader.google.com.somephishingdomain.com/someverylongelementgoeshere on 4.0rc this still gives the phishing opportunity when the window is small why not implement the suggestion?
Because links aren't shown in the location bar anymore. File a new bug about the status overlay if you want.
You need to log in before you can comment on or make changes to this bug.