brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Any Protocol other than http not working - their content is sent to default search engine (Eg: ftp://ipaddr, blob:somebloburl, javascript:somecode). This all goes to search engine #41734

Open tathastu871 opened 1 month ago

bsclifton commented 1 month ago

cc: @deeppandya @SergeyZhukovsky

tathastu871 commented 1 month ago

cc: @deeppandya @SergeyZhukovsky

Even FTP sites and blob URLs generated via JavaScript are going through the engine.

Try searching ftp://xxx.xxx.xx.x:443; it goes through Google search.

Any protocol explicitly defined by the user

Regex of search query: ^(ftp|http|ftps|https|javascript|blob):.* must not go through the search engine.

CURRENT WORKAROUND: STORE IN BOOKMARKS, THEN ACCESS

ALSO FTP SITES CANNOT BE OPENED WHY IT POPUP INTENT INTERCEPT AND FAILS

deeppandya commented 3 weeks ago

CC @fmarier what do you think of the issue in terms of security concerns?

fmarier commented 3 weeks ago

I believe that javascript: is banned from direct navigations (with the exception of bookmarks) on purpose because it has caused lots of issues in the past. I imagine blob: URLs are blocked for similar reasons, but I also don't see how they could even make sense typed directly in the URL bar.

ftp is not supported by Chromium anymore and so it's not a recognized protocol and is expected to have the same behavior as trying to navigate to gopher://example.com (also not supported).
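The handling described in the comment above, set beside the regex proposed in the issue, as an added example that is not part of the thread and is not Chromium or Brave code. The scheme sets, the `classify` function and the `typed`/`bookmark` labels are assumptions made for illustration, including the choice to treat blob: the same way from a bookmark.

```javascript
// Added illustration, not Chromium or Brave source. The scheme sets are
// assumptions drawn from this thread, not the browser's real tables.
const SUPPORTED = new Set(["http:", "https:"]);
const SCRIPT_LIKE = new Set(["javascript:", "blob:"]);

// The regex proposed in the issue for "must not go through search engine".
const ISSUE_REGEX = /^(ftp|http|ftps|https|javascript|blob):.*/;

// Decide what to do with text from the URL bar or from a saved bookmark.
// source is "typed" or "bookmark" (hypothetical labels for this example).
function classify(input, source = "typed") {
  let scheme;
  try {
    // Parse instead of pattern-matching: the URL parser lower-cases the
    // scheme, so the decision is made on a normalized value.
    scheme = new URL(input.trim()).protocol;
  } catch {
    return { action: "search", reason: "not-a-url" };
  }
  if (SUPPORTED.has(scheme)) return { action: "navigate", reason: "supported" };
  if (SCRIPT_LIKE.has(scheme)) {
    // javascript: runs in the context of the current page, so only the
    // bookmark path is allowed to use it.
    if (scheme === "javascript:" && source === "bookmark") {
      return { action: "navigate", reason: "bookmarklet" };
    }
    return { action: "search", reason: "script-scheme-typed" };
  }
  // ftp:, gopher: and anything else the engine no longer implements.
  return { action: "search", reason: "unsupported-scheme" };
}

// Constructed sample inputs.
const samples = [
  ["https://brave.com", "typed"],
  ["ftp://192.0.2.10:443", "typed"],
  ["gopher://example.com", "typed"],
  ["JavaScript:void(0)", "typed"],
  ["javascript:void(0)", "bookmark"],
  ["blob:https://example.com/1234", "typed"],
  ["how to open ftp site", "typed"],
];
for (const [text, source] of samples) {
  const r = classify(text, source);
  console.log(`${source.padEnd(8)} ${text.padEnd(30)} -> ${r.action} (${r.reason}) issueRegex=${ISSUE_REGEX.test(text)}`);
}
```

The last column shows where the issue's regex and the scheme-based decision disagree: the regex matches a typed `javascript:` string, which is the case the comment says is excluded on purpose.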

tathastu871 commented 3 weeks ago

CORS will already prevent malicious javascript URLs being run on location.href. At least the user needs to run bookmarklets; Brave doesn't have devtools or extensions where the user can do web testing, so bookmarklets are the only option.

tathastu871 commented 2 weeks ago

18671

Just give a thought