Wednesday, December 30, 2009

Short URL Security Fix

Here's a bug report / enhancement request I just posted to Mozilla Firefox.

Summary: Mouse-over shortened URL should expand/resolve it in lower left status line

This is a security enhancement. Shortened URLs, such as from bit.ly, tr.im, and ow.ly, to name the more obvious ones, pose a serious security risk, since they may point to malicious pages. However, users of Facebook, Twitter, etc. have little choice but to click them, and trust their friends.

Currently if you mouse-over a short-url, just the short-url itself appears in the lower left status area, which is useless. However it would be way cool if you would please resolve and show me the true url there. Then if it resolves to "evil.ru", I have a fighting chance to not click on it.

Reproducible: Always

Actual Results: Mouse-over of compressed-url just shows the compressed url in status area.

Expected Results: Firefox should resolve the compressed url and display the true expanded url.

Additional Information: Also consider doing what IE does [yes, it does have a decent feature here and there] and when displaying the fully expanded URL, show the root domain in bold type, so the [idiot] user can pick it out of what may be a lot of obfuscation.


Thanks!

Labels: , , , , ,