Google Blogoscoped


Google Chrome removes "javascript:" pasted on Omnibox automatically

Cookie Lee [PersonRank 9]

Friday, June 17, 2011
11 years ago · 8,698 views

I'm using Google Chrome 14.0.794.0 Dev. Today when I tried to copy & paste the following JavaScript into Omnibox:

   javascript:var num=3;alert(num*num);

I found out that only "var num=3;alert(num*num);" was pasted. I also Ctrl+V'd in Notepad, and the whole script was pasted, so Google Chrome must have removed the "javascript:" part automatically. For the script to work, I have to type "javascript:" manually. This looks like a phishing-prevention function to me.

TOMHTML [PersonRank 10]

11 years ago #

Hi Cookie Lee,
I don't have any Chrome/Chromium browser on my computer currently, but I remember I've seen an option (or a "flag"?) recently in Chrome about JavaScript and browser history. Perhaps it's related to your problem. Hope this helps!

Ludwik Trammer [PersonRank 10]

11 years ago #

That's right, it works like that for me too. The "javascript:" part is always removed from the beginning of a string pasted into the omnibox. Definitely phishing/Facebook hacking prevention.

What's ironic is that there is a really simple workaround – both for Cookie Lee and for hackers. You can just add " " (space) before "javascript:". The space will be automatically trimmed by Chrome, but "javascript:" will be left intact.
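The ordering problem described in the reply above, as an added example that is not part of the original thread and is not Chrome's code: a paste filter that strips the scheme before trimming lets a leading space through, while one that normalises first and repeats until nothing changes does not. The function names and the sample strings other than Cookie Lee's script are constructed for illustration.

```javascript
// Added illustration: a model of the behaviour reported in the thread,
// not Chrome's source. All names here are hypothetical.
const SCHEME = /^javascript:/i;

// Order the thread reports: the scheme is stripped from the raw paste,
// and only afterwards is surrounding whitespace trimmed.
function stripThenTrim(pasted) {
  return pasted.replace(SCHEME, "").trim();
}

// Hardened order: drop leading whitespace and C0 control characters first,
// then strip the scheme, and repeat until the text stops changing so that
// nested or re-exposed prefixes are removed as well.
function trimThenStrip(pasted) {
  let text = pasted;
  for (;;) {
    const next = text.replace(/^[\s\u0000-\u001f]+/, "").replace(SCHEME, "");
    if (next === text) return text.trim();
    text = next;
  }
}

// True when the filtered text would still be treated as a javascript: URL.
function stillScriptUrl(text) {
  return SCHEME.test(text);
}

// Constructed sample pastes (the first is the script from the opening post).
const samples = [
  "javascript:var num=3;alert(num*num);",
  " javascript:var num=3;alert(num*num);",
  "javascript: \tJavaScript:alert(1)",
];

for (const s of samples) {
  console.log(JSON.stringify(s),
    "| strip-then-trim keeps scheme:", stillScriptUrl(stripThenTrim(s)),
    "| trim-then-strip keeps scheme:", stillScriptUrl(trimThenStrip(s)));
}
```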
