When I type URL into chromium URL bar, ie http://10.10.10.3:80
and the server is currently unreachable, when I wand chromium to stop trying to load, and I press the "stop loading this page" button, the URL disappears. This is evil!
Lets say, I have the port wrong, so I want to try again with another port. I have to type the whole URL again.
When I press the "stop loading this page" button, the URL should stay there as I typed it, so that I can correct it.
Instead, it is replaced by the "last successful URL" that was there before.
is there a way to fix this evil feature?
Best Answer
This behavior is by design and a few years ago the developers of all browsers made a big effort to make it impossible to have a page displayed with the wrong URL. This was actually possible before, until this technique started being used by malware.
The behavior you are asking for is a security hole. If it was possible to display a page with the wrong URL, an attacker could display the URL of your bank together with his own page, this way getting you to type in your account number and password, then emptying all your accounts. This did actually happen, until this loophole was closed.
Showing a wrong URL is only possible on the new-tab page, where it happens automatically. The reason it works here is that there is no real page being displayed, so there is no security reason not to display the entered (wrong) URL.
This behavior is not particular to Chromium. Every browser I have encountered does exactly the same, as this is the secure thing to do.
In addition, browser developers even made it impossible for a thrown dialog to obscure the address bar, since this technique was immediately used by attackers when it became impossible to modify the URL itself, to mimic a false address bar.
The only solution I can offer is to copy a long typed URL before hitting Enter, and this is what I already do. You should get into the habit of doing CtrlA and CtrlC before, just in case.
Here is how an attacker can use the option you ask for to get your bank login:
attacker.com/exploit
which looks exactly like your bank, except that the address bar gives it away.