STR: 1. Visit this URL (note: the ip address is from the demo page badssl.com): https://104.154.89.105/?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 2. Look at your URL bar. ACTUAL RESULTS: "https" is outside the URL bar, overlapping the back button. EXPECTED RESULTS: https should remain inside URL bar.

This was initially reported in bug 1480355 comment 6. I'm spinning it off to this bug so it's got its own dedicated spot for investigation/fix. I think this was likely a regression from bug 1480355. At least, I got this partially-narrowed regression range: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=588a314db0d5d2f7d1b758d09f170e3afb1283a3&tochange=d9e6ce390607ad8c227adc2ad2ff3cac89a814bc ...which includes that bug's fix. (For at least a few days before the start of that ^^ regression range, "https" looks like it's in the wrong position (shifted down somewhat) but it's inside the URL bar at least.)

(In reply to Daniel Holbert [:dholbert] from comment #0) > STR: > 1. Visit this URL (note: the ip address is from the demo page badssl.com): > https://104.154.89.105/ > ?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > aaaaaaaaaaaaaa=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb > bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb > bbbbbbbbbbbbbbb > > 2. Look at your URL bar. I forgot to include, optional step 1b (sometimes necessary): 1b. click through the cert error page to add an exception.

FWIW, while obviously we need to fix this as filed, and ensure that scrolling the URL bar for non-IP addresses doesn't have the same problem, we also really need to make sure that the host is visible in the URL bar, instead of the tail end of the URL.

Just to add more info: this problem has been changing slightly over time and I bisected its history to help out. Note: it's not necessary to have a broken cert, any https:// url long enough to overflow will do.

Starting in late July, probably from bug 1419391 (this I didn't confirm), the https:// shows up when the URL is scrolled to the end. I believe this is intentional, but it has a slightly weird interaction when scrolling the URL bar using the mouse wheel or two-finger gestures (see video), because it only shows up when the scrolling reaches the very end.

Then, in the beginning of August, bug 1470910 landed and caused the https:// box to show off center when doing the same action as the video (scrolling a long url to the end)

(In reply to :Felipe Gomes (needinfo me!) from comment #7) > Note: it's not necessary to have a broken cert, any https:// url long enough > to overflow will do. Yes, though it also seems that having an IP address as the host here causes breakage in some of the checks we use because of their non-directionality (as opposed to clearly-ltr hosts, like all non-IDN ones that use non-IDN gTLDs), so the URL is scrolled to the end from the beginning, unlike "normal" URLs.

And then, a couple of days later, bug 1480355 landed and caused the https:// box to show underneath the back button

(In reply to :Gijs (he/him) from comment #10) > Yes, though it also seems that having an IP address as the host here causes > breakage in some of the checks we use because of their non-directionality > (as opposed to clearly-ltr hosts, like all non-IDN ones that use non-IDN > gTLDs), so the URL is scrolled to the end from the beginning, unlike > "normal" URLs. Ah so that explains why it's easier to see the problem with an IP address URL

Bug 1470910 broke the positioning because it changed the tag name of .urlbar-input-box but didn't update the related rule in browser.css, and then bug 1480355 landed and made it worse. This patch fixes the first problem by updating the tag name in the CSS, and it fixes the second problem (and bug 1480355) by setting `direction: ltr` on .urlbar-input-box.

Comment on attachment 9003275 [details] Bug 1483122 - "https" is pushed off left edge of address bar (overlapping buttons!) for long URLs with broken cert configurations :Gijs (he/him) has approved the revision.

Pushed by dwillcoxon@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/265d09efe73f "https" is pushed off left edge of address bar (overlapping buttons!) for long URLs with broken cert configurations r=Gijs

I verified this issue on Mac OS X 10.12, Ubuntu 16.04 and Windows 10 with FF Nightly 63.0a1(2018-08-23) LTR build and RTL build and I can confirm the fix.