Closed
Bug 1468727
Opened 6 years ago
Closed 6 years ago
Firefox shows the wrong link, causing a security risk
Categories
(Firefox :: Untriaged, defect)
RESOLVED
DUPLICATE
of bug 1438660
People
(Reporter: coolcat_the_best2, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180517113820
Steps to reproduce:
I created this test page:
https://www.w3schools.com/code/tryit.asp?filename=FSB2DJHIGFTV
What I did was run the example code, hover over the created link multiple times, and then click it.
Actual results:
When hovering over the link, it shows safesite.com.
When clicking it, it opens malicioussite.com.
Expected results:
When both hovering and clicking the link, it should show or open malicioussite.com
Optionally, a page with the code snippet with both onmouseover and onmouseout on an <a> element that change its own URL should maybe be considered a possibly fraudulent website.
Comment 1•6 years ago
This is not fixable without solving the halting problem. See the duplicate bug, which was resolved wontfix.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
:Gijs You make a good point about the general case, however perhaps you did not try coolcat_the_best2's test code. The first time you click the link, Firefox *does* update the URL preview. It only doesn't on subsequent clicks. But if you have a touchscreen, it updates every time.
This inconsistent behaviour is better addressed by bug #1433319, which I have just updated with some more details based on this testing. I suggest duping to that bug instead.
Comment 3•6 years ago
(In reply to Paul from comment #2)
> :Gijs You make a good point about the general case, however perhaps you did
> not try coolcat_the_best2's test code. The first time you click the link,
> Firefox *does* update the URL preview. It only doesn't on subsequent clicks.
> But if you have a touchscreen, it updates every time.
>
> This inconsistent behaviour is better addressed by bug #1433319, which I
> have just updated with some more details based on this testing. I suggest
> duping to that bug instead.
Eh, bug 1438660 has specific pointers to what code needs updating, so I've duped both your suggestion and this bug to that one.
That said, I continue to believe that we shouldn't bother attempting to fix this, though not strongly enough to object should someone write a patch.
Thanks, good solution. The great number of reports against this family of issues shows that it does violate the Law of Least Astonishment. Especially the inconsistency.
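The reporter's suggestion in the description (treating an `<a>` whose inline `onmouseover` and `onmouseout` handlers rewrite its own URL as suspect) can be written as a static check over page markup. This is an added example, not code from the bug or from Firefox; the function names, the regular expression and the sample markup are constructed for illustration. It only sees inline handlers, so the third sample link, whose handler is attached from script, goes unflagged.

```python
import re
from html.parser import HTMLParser

# Inline-handler code that rewrites the link target: `href = ...` (but not
# the comparison `href == ...`), or setAttribute("href", ...).
HREF_WRITE = re.compile(
    r"""\bhref\s*=(?!=)|setAttribute\(\s*['"]href['"]""", re.IGNORECASE)


class HrefSwapFinder(HTMLParser):
    """Collect <a> elements whose inline on* handlers rewrite their href."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = {k: v or "" for k, v in attrs}  # valueless attributes give None
        writers = sorted(k for k, v in attrs.items()
                         if k.startswith("on") and HREF_WRITE.search(v))
        if writers:
            # The reporter's proposed signal: both hover handlers rewrite the URL.
            hover_pair = {"onmouseover", "onmouseout"} <= set(writers)
            self.findings.append({
                "line": self.getpos()[0],
                "href": attrs.get("href", ""),
                "handlers": writers,
                "hover_pair": hover_pair,
            })


def scan(html):
    """Return one finding per <a> whose inline handlers write to href."""
    finder = HrefSwapFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup (not the reporter's test page).
SAMPLE = """<p>
<a href="https://safesite.com" onmouseover="this.href='https://safesite.com'"
   onmouseout="this.href='https://malicioussite.com'">offer</a>
<a href="https://safesite.com" onclick="track(this.href)">plain</a>
<a id="late" href="https://safesite.com">scripted</a>
<script>document.getElementById('late').onmouseout = swap;</script>
</p>"""
```

Calling `scan(SAMPLE)` reports only the first link, with `hover_pair` set; the link that merely reads `this.href` and the script-attached handler are not reported.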