search

mozilla-mobile / firefox-ios

Firefox for iOS
Mozilla Public License 2.0
12.25k stars 2.95k forks source link

URL Bar is for URLs #23025

Open SouthFresh opened 2 weeks ago

SouthFresh commented 2 weeks ago

Steps to reproduce

  1. Open Firefox iOS
  2. Go to Google/Bing
  3. Search for term, like "Firefox"
  4. On results page, tap URL bar to edit URL.

Expected behavior

The expected behavior is that I should be able to see and/or edit the URL.

Actual behavior

Only the search term is now visible. On its face, this feature may seem like it is a benefit, but it is instead a security flaw. The URL bar should always reveal the URL to ensure the page being viewed is in fact the intended page. Currently the only way to confirm the URL is:

  1. Tap+hold on the URL bar
  2. Copy URL
  3. Tap URL bar again
  4. Paste URL
  5. edit/review

This behavior should be optional at worst, and abandoned at best. Obfuscating the URL from the end user is dangerous.

Device & build information

Obfuscating the URL bar is absolutely a security flaw that should be abandoned. The typical end-user is not likely to go through the process required to ensure they are clicking on links from the right place, which means that any mismatch between where the browser should be vs where it is is likely to be completely lost to the typical end-user.

┆Issue is synchronized with this Jira Task

PARAIPAN9 commented 2 weeks ago

Thanks @SouthFresh for opening this issue.

data-sync-user commented 2 weeks ago

➤ Andres Furlan commented:

Nive Suresh can you check this bug?