when you go on a webpage , the location bar shows only the title , so, if the user want verify the URL , the User must click on the location bar
STR(step1) - Go to this PoC (click on the link named "Clickme for use an URL Spoofing attack")
(step2) - You will go on a phishing webpage which has an URL with special length , (Thus, in the previously page [the PoC which has leads to this phishing web page], this page could do a calculation to define the size of the URL which leads to a vulnerability of location bar spoofing) because when the user clicks on the Location Bar, these are the last characters which are shown to the trapped user and this leads to an URL Spoofing.