[HTTPS-E Rulesets] google rules break when javascript is disabled
Peter Eckersley
pde at eff.org
Tue Sep 6 16:54:25 PDT 2011
Interesting observation. I guess even those of us who use NoScript often
wind up whitelisting google.com. There are some corner-case privacy reasons
to prefer search terms in the fragment, but I think supporting Javascript
disablement is more important.
Unfortunately your current patch probably breaks Firefox-branded search, but we
can figure out a version that doesn't.
On Sat, Sep 03, 2011 at 11:49:06AM +0200, Alan Barrett wrote:
> The default rules in version 1.0.1 of the HTTPS-Everywhere Firefox
> plugin convert http://www.google.<country>/search?q=foo to
> https://encrypted.google.com/#q=foo. This doesn't work if
> javascript is disabled. You should convert it to
> https://encrypted.google.com/search?q=foo instead.
>
> This patch seems to work for me:
>
> --- old/default.rulesets
> +++ new/default.rulesets
> @@ -3052,13 +3052,13 @@
> <rule
> from="^http://(www\.)?google\.[^/@:][^/@:]/(search\?|firefox|#)"
> - to="https://encrypted.google.com/#" />
> + to="https://encrypted.google.com/$2" />
> <!-- some look like "google.co.jp" -->
> <!-- and some crazy ones like "google.com.au" -->
> <rule
> from="^http://(www\.)?google\.com?\.[^/@:][^/@:]/(search\?|firefox|#)"
> - to="https://encrypted.google.com/#" />
> + to="https://encrypted.google.com/$2" />
> <!-- Completion urls look like this:
> http://clients2.google.co.jp/complete/search?hl=ja&client=hp&expIds=17259,24660,24729,24745&q=m&cp=1 HTTP/1.1\r\n
>
>
> Thanks for making HTTPS-Everywhere available. I am not subscribed
> to this mailing list, so please bear that in mind if you need to
> reply to me.
>
> --apb (Alan Barrett)
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere-Rules
mailing list