Hey all.

I wanted to highlight some of the URL bar changes we did recently.

Our goal was to address the following spoofing issues:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1018994
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236431

Historically the URL bar has been serving two purposes:
(1) Showing the location/address of the document you are viewing
(2) Showing the security level and/or "who" you are connected to

To address the spoofing issues we decided to rank (2) (Who am I connected
to and is this secure?) higher. Some of those changes only affect mobile
phones and we explicitly excluded tablets.

Changes:

* Removing favicon from URL bar (Bug 1018994
<https://bugzilla.mozilla.org/show_bug.cgi?id=1018994>). From now on we
only show the site security icon in the URL bar. Previously a "green lock
favicon" could be used to trick the user into thinking the site would be
served using a secure SSL connection:
https://bugzilla.mozilla.org/attachment.cgi?id=8688151

* Showing a shortened URL: public suffix + 1 (Bug 1236431
<https://bugzilla.mozilla.org/show_bug.cgi?id=1236431>). Previously long
subdomains could move the actual domain out of sight and therefore be used
to pretend to be a different site:
https://bug1236431.bmoattachments.org/attachment.cgi?id=8703513
More about public suffix here: https://publicsuffix.org/learn/

* Showing the organization instead of the URL if an EV certificate is used (Bug
1249594 <https://bugzilla.mozilla.org/show_bug.cgi?id=1249594>). This is
something you might have seen on desktop. On desktop there's more space to
show the organization and the URL. On mobile we decided to just show the
organization.

All those changes only affect how we display something in the URL bar.
Clicking on the URL bar will always reveal the full URL and allow you to edit
it.

Best,
Sebastian
_______________________________________________
mobile-firefox-dev mailing list
mobile-firefox-dev@mozilla.org
https://mail.mozilla.org/listinfo/mobile-firefox-dev
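
The "public suffix + 1" shortening described in the message above can be sketched as follows. This is an added example, not Firefox's code and not part of the original e-mail: the function names are hypothetical and `RULES` is a small constructed subset of the list published at publicsuffix.org, enough to cover normal, wildcard and exception rules.

```javascript
// Constructed subset of public suffix rules (assumption: a real client
// loads the full list from publicsuffix.org instead).
const RULES = new Set(["com", "org", "uk", "co.uk", "*.ck", "!www.ck"]);

// Number of trailing labels that form the public suffix of a host.
// Exception rules ("!") win, otherwise the longest matching rule wins,
// and the implicit default rule "*" makes the last label a suffix.
function publicSuffixLength(labels) {
  let best = 1;
  for (let i = 0; i < labels.length; i++) {
    const n = labels.length - i;
    const candidate = labels.slice(i).join(".");
    // An exception rule names a registrable domain: drop its leftmost label.
    if (RULES.has("!" + candidate)) return n - 1;
    if (RULES.has(candidate)) best = Math.max(best, n);
    // "*.rest" matches any single label followed by "rest".
    if (i + 1 < labels.length &&
        RULES.has("*." + labels.slice(i + 1).join("."))) {
      best = Math.max(best, n);
    }
  }
  return best;
}

// Text to show in a narrow URL bar: the registrable domain
// (public suffix plus one label) of the page's host.
function displayDomain(urlString) {
  // URL parsing lowercases the host; strip a trailing root dot.
  const host = new URL(urlString).hostname.replace(/\.$/, "");
  // IP literals have no registrable domain, so show them unchanged.
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) return host;
  const labels = host.split(".");
  const n = publicSuffixLength(labels);
  // A host that is itself a public suffix cannot be shortened.
  if (labels.length <= n) return host;
  return labels.slice(-(n + 1)).join(".");
}

// Constructed sample: a long subdomain chain that imitates another site.
console.log(displayDomain("https://www.mybank.co.uk.signin.example.org/account"));
```

Only suffixes of the whole host are matched against the rules, so a `co.uk` buried in the middle of the subdomain chain has no effect on what is displayed.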
