[HTTPS-E Rulesets] Possible fixes - BBC, Beta & Cie, BBB, Internap, Pastebin.com, Utah Education Network

Christopher Liu cmliu00151 at gmail.com
Sun Nov 25 21:39:17 PST 2012


To whom it may concern:

This message concerns defects in existing rulesets of the stable branch.

BBC: The rule that deals with playlists.bbc.co.uk/crossdomain.xml
appears to break most audio players, such as the one in the article
http://www.bbc.co.uk/news/science-environment-20026938 (specifically,
it displays a message "This content doesn't seem to be working. Try
again later."). It should be changed to only match https (that is,
remove the question mark).

Beta & Cie: Regarding the FMyLife image issue reported as ticket 7427,
the problem seems to be that cdn.betacie.com no longer has equivalent
content to .net. Fortunately, it now has a valid cert and so can be
handled as is.
I did test the homepage as well as a few individual stories.

Better Business Bureau: It appears that the rule
from="^https?://(?:www\.)?sanjose\.bbb\.org/"
to="https://bbbsilicon.org/" was intended to be positioned above the
one that deals with arbitrary bbb.org subdomains. As it currently
stands, the rule in question will never be matched.

Internap: The rule that deals with promo.internap.com/ImgHost/ seems
to have a typo in the "to" attribute, which I assume should read
https://app.manticoretechnology.com/ImgHost/ . However, I haven't yet
found an example of where this is used.

Pastebin.com: The site appears to have stopped "support[ing]
encryption of raw blobs," at least for non-logged-in readers (and
possibly anyone without a premium subscription). Therefore, the
raw.php coverage should be removed; the rest of the ruleset still
seems to work fine.

Utah Education Network: In the rule from="^http://uen\.org/"
to="https://www.eun.org/", the "to" field appears to have a typo; it
should be u e n like in the rest of the ruleset.


As usual, thank you for your hard work.
C. Liu




More information about the HTTPS-Everywhere-Rules mailing list