[HTTPS-E Rulesets] Fixed ruleset for Yahoo! Mail
David Dernoncourt
patheticcockroach at yahoo.com
Mon Jan 23 12:57:23 PST 2012
Since I see Seth David Schoen is no longer AFK: the Yahoo! Mail rules you added for testing there
https://gitweb.torproject.org/https-everywhere.git/blob_plain/HEAD:/src/chrome/content/rules/YahooNew.xml
are broken, as mentioned in my previous message:
---
I noticed that you replaced (.+) with ([^/:@\.]+) in the last
rule. Not matching the dot will break it because Yahoo uses
subdomains 2 levels deeper than mail.yahoo.com. For instance my
mailbox is on us.mg5.mail.yahoo.com. Is it a security issue to
match dots? If so, the following should be fine:
<rule
from="^http://([a-z0-9]+)\.([a-z0-9]+)\.mail\.yahoo\.com/"
to="https://$1.$2.mail.yahoo.com/" />
Plus maybe (not required for me but maybe it can happen to have
only 1 level deeper than mail.yahoo.com?):
<rule from="^http://([a-z0-9]+)\.mail\.yahoo\.com/"
to="https://$1.mail.yahoo.com/" />
More information about the HTTPS-Everywhere-Rules
mailing list