When "http://" is in front of a V3 link, Tor browser will search the text after "http://" on duckduckgo or any default search engine you use.

added component::applications/tor browser owner::tbb-team priority::immediate reporter::Dbryrtfbcbhgf resolution::not a bug severity::critical status::closed type::defect labels

When I changed my default search engine to twitter under preferences and it will send twitter the V3 unencrypted link! https://twitter.com/search?q=%E2%80%8Bhttp%3A%2F%2Fozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion&partner=Firefox&source=desktop-search. Some of the links on https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions start with "https://" and they are effected by this bug.

Trac:
Username: Dbryrtfbcbhgf

Trac:
Username: Dbryrtfbcbhgf
Summary: When "http://" is in front of a V3 link, Tor browser will search the text after "http://" on duckduckgo to When "http://" is in front of a V3 link, Tor browser will search the text after "http://" on duckduckgo or any default search engine you use.

Does it happen in stable (7.0.6) too?

Did you change anything in your 7.5a5?

Are you sure you're putting it into the url bar?

This sounds like a "surely that behavior doesn't actually happen" situation.

This was a fresh install of 7.5a5 and I set the security settings to high then all I do it copy http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion and paste it into the url bar, and it searches it with my default search engine. After another fresh install the bug is not occurring, But I got a screen recording while it was occurring the first time. Here is the screen recording https://www.expirebox.com/download/530f37ff9425617b71855c6e6e3f428d.html

Trac:
Username: Dbryrtfbcbhgf

In the first part of the video when I paste the link into the url bar there is a popup right under the url bar that says the link url and -- Search with duckduckgo. This occurs on 00:01 in the video. and it does not seam to occur on 7.0.6

Trac:
Username: Dbryrtfbcbhgf

I'm pretty sure you modified the option for search suggestions in about:preferences#search.

Replying to cypherpunks:

I'm pretty sure you modified the option for search suggestions in about:preferences#search. I just downloaded Tor Browser form https://dist.torproject.org/torbrowser/7.5a5/ Then I opened it and changed the security settings to high, I then opened when to https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions in Safari and copied http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion and pasted it into Tor Browser 7.5a5 and then I recorded the bug and reported it. I did not change anything else before the recording. Enabling "Provide search Suggestions" does cause the bug to occur but I did not manually enable them after the fresh install.

Trac:
Username: Dbryrtfbcbhgf

Replying to Dbryrtfbcbhgf:

Enabling "Provide search Suggestions" does cause the bug to occur but I did not manually enable them after the fresh install.

So it's enabled in about:preferences#search for your fresh install?

I can Confirm that that option is disabled and I was able to capture another video reproducing the bug while the option is DISABLED, I captured my old Tor Browser data file. Here it is, both the torbrowser-data and the new video https://www.expirebox.com/download/d9d3fe690a576051e0694686b46f8dc6.html The odd thing is that the bug does not always occur.

Trac:
Username: Dbryrtfbcbhgf

Oh right I only understood the issue now, it's not about providing search suggestions but it would go to the DuckDuckGo search engine directly. Nice catch! This happened for 7.5a4 FWIW (BTW it happened for me sometimes when selecting the URL of some links in DDG and displacing it to a new tab, a DDG search would happen despite the URL having https://)

Replying to cypherpunks:

Oh right I only understood the issue now, it's not about providing search suggestions but it would go to the DuckDuckGo search engine directly. Nice catch! (BTW it happened for me sometimes when selecting some links and taking them to a new tab, a DDG search would happen despite the URL having https://) Great, thanks cypherpunks for the confirmation that your were also able to reproduce the bug.

Trac:
Username: Dbryrtfbcbhgf

Next thought, I wonder if what you are pasting has some letters at the front, before the http://.

Replying to arma:

Next thought, I wonder if what you are pasting has some letters at the front, before the http://. In the video I made, it shows that there is no space nor no extra characters before HTTP https://www.expirebox.com/download/d9d3fe690a576051e0694686b46f8dc6.html

Trac:
Username: Dbryrtfbcbhgf

I would guess that this is partially a Trac issue. It's what arma said in comment:12. Trac puts a little icon in front of external links, and the icon is actually a span element that contains a zero-width space (U+200B). It's the presence of this invisible character that makes the browser go to a search engine.

If you copy the link and are very careful not to include the icon when you highlight, then it will work and not go to a search engine. Also if you right-click and Copy Link Location.

Try copying a link and pasting it into a Vim buffer. Vim will make the zero-width space visible and color it blue:

<code><span style="color: blue;">&lt;200b&gt;</span>http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion</code>

The same thing happens with non-onion links, like the one Dbryrtfbcbhgf posted in comment:13.

Replying to dcf:

Trac puts a little icon in front of external links, and the icon is actually a span element that contains a zero-width space

Try pasting the highlighted stuff into the tor browser window directly. If it's a real http url, it will try to load. If it is not, it will do nothing.

Trac:
Resolution: N/A to not a bug
Status: new to closed

closed

moved to tpo/applications/tor-browser#23686 (closed)

When "http://" is in front of a V3 link, Tor browser will search the text after "http://" on duckduckgo or any default search engine you use.

Child items ...

Activity