Bug 1841869 - entering "abc @xyz.[TLD]" in address bar opens a prompt regarding loading "xyz.[TLD]" instead of searching for "abc @xyz.[TLD]" on the default search engine.r=adw

Differential Revision: https://phabricator.services.mozilla.com/D198196

browser/components/urlbar/UrlbarUtils.sys.mjs

@@ -2167,10 +2167,7 @@ export class UrlbarQueryContext {
       }
 
       try {
-        let info = Services.uriFixup.getFixupURIInfo(
+        let info = Services.uriFixup.getFixupURIInfo(this.searchString, flags);
-          this.trimmedSearchString,
-          flags
-        );
 
         this._fixupInfo = {
           href: info.fixedURI.spec,

browser/components/urlbar/tests/unit/test_providerHeuristicFallback.js

@@ -702,6 +702,65 @@ add_task(async function () {
   await PlacesUtils.history.clear();
 });
 
+add_task(async function dont_fixup_urls_with_at_symbol() {
+  info("don't fixup search string if it contains no protocol and spaces.");
+  let query = "Lorem Ipsum @mozilla.org";
+  let context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeSearchResult(context, {
+        engineName: SUGGESTIONS_ENGINE_NAME,
+        heuristic: true,
+      }),
+    ],
+  });
+
+  query = "http://Lorem Ipsum @mozilla.org";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: `http://Lorem%20Ipsum%20@mozilla.org/`,
+        fallbackTitle: `${query}/`,
+        heuristic: true,
+      }),
+    ],
+  });
+  query = "https://Lorem Ipsum @mozilla.org";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: `https://Lorem%20Ipsum%20@mozilla.org/`,
+        fallbackTitle: `${query}/`,
+        heuristic: true,
+      }),
+    ],
+  });
+
+  query = "LoremIpsum@mozilla.org";
+  context = createContext(query, { isPrivate: false });
+  await check_results({
+    context,
+    matches: [
+      makeVisitResult(context, {
+        source: UrlbarUtils.RESULT_SOURCE.OTHER_LOCAL,
+        uri: `http://${query}/`,
+        fallbackTitle: `http://${query}/`,
+        heuristic: true,
+      }),
+      makeSearchResult(context, {
+        engineName: SUGGESTIONS_ENGINE_NAME,
+      }),
+    ],
+  });
+});
+
 /**
  * Returns an array of code points in the given string.  Each code point is
  * returned as a hexidecimal string.

docshell/base/URIFixup.sys.mjs

@@ -161,6 +161,13 @@ ChromeUtils.defineLazyGetter(
     /^(?:[a-z+.-]+:\/*(?!\/))?\[(?:[0-9a-f]{0,4}:){0,7}[0-9a-f]{0,4}\]?(?::\d+|\/)?/i
 );
 
+// Regex used to detect spaces in URL credentials.
+ChromeUtils.defineLazyGetter(
+  lazy,
+  "DetectSpaceInCredentialsRegex",
+  () => /^[^/]*\s[^/]*@/
+);
+
 // Cache of known domains.
 ChromeUtils.defineLazyGetter(lazy, "knownDomains", () => {
   const branch = "browser.fixup.domainwhitelist.";
@@ -277,6 +284,7 @@ URIFixup.prototype = {
 
   getFixupURIInfo(uriString, fixupFlags = FIXUP_FLAG_NONE) {
     let isPrivateContext = fixupFlags & FIXUP_FLAG_PRIVATE_CONTEXT;
+    let untrimmedURIString = uriString;
 
     // Eliminate embedded newlines, which single-line text fields now allow,
     // and cleanup the empty spaces and tabs that might be on each end.
@@ -379,7 +387,11 @@ URIFixup.prototype = {
     // Avoid fixing up content that looks like tab-separated values.
     // Assume that 1 tab is accidental, but more than 1 implies this is
     // supposed to be tab-separated content.
-    if (!isCommonProtocol && lazy.maxOneTabRegex.test(uriString)) {
+    if (
+      !isCommonProtocol &&
+      lazy.maxOneTabRegex.test(uriString) &&
+      !lazy.DetectSpaceInCredentialsRegex.test(untrimmedURIString)
+    ) {
       let uriWithProtocol = fixupURIProtocol(uriString);
       if (uriWithProtocol) {
         info.fixedURI = uriWithProtocol;

docshell/test/unit/test_URIFixup.js

@@ -69,6 +69,35 @@ var data = [
     wrong: "whatever://this/is/a/test.html",
     fixed: "whatever://this/is/a/test.html",
   },
+  {
+    // Spaces before @ are valid if it appears after the domain.
+    wrong: "example.com/ @test.com",
+    fixed: "http://example.com/%20@test.com",
+    noPrefValue: "http://example.com/%20@test.com",
+  },
+];
+
+var dontFixURIs = [
+  {
+    input: " leadingSpaceUsername@example.com/",
+    testInfo: "dont fix usernames with leading space",
+  },
+  {
+    input: "trailingSpacerUsername @example.com/",
+    testInfo: "dont fix usernames with trailing space",
+  },
+  {
+    input: "multiple words username@example.com/",
+    testInfo: "dont fix usernames with multiple spaces",
+  },
+  {
+    input: "one spaceTwo  SpacesThree   Spaces@example.com/",
+    testInfo: "dont match multiple consecutive spaces",
+  },
+  {
+    input: " dontMatchCredentialsWithSpaces: secret password @example.com/",
+    testInfo: "dont fix credentials with spaces",
+  },
 ];
 
 var len = data.length;
@@ -121,3 +150,20 @@ add_task(function test_true_pref_fixes_typos() {
     Assert.equal(preferredURI.spec, item.fixed);
   }
 });
+
+add_task(function test_dont_fix_uris() {
+  let dontFixLength = dontFixURIs.length;
+  for (let i = 0; i < dontFixLength; i++) {
+    let testCase = dontFixURIs[i];
+    Assert.throws(
+      () => {
+        Services.uriFixup.getFixupURIInfo(
+          testCase.input,
+          Services.uriFixup.FIXUP_FLAG_FIX_SCHEME_TYPOS
+        );
+      },
+      /NS_ERROR_MALFORMED_URI/,
+      testCase.testInfo
+    );
+  }
+});