[HTTPS-Everywhere] loose rulesets (hostname termination)
Seth David Schoen
schoen at eff.org
Mon Sep 27 10:15:21 PDT 2010
Daniel Kahn Gillmor writes:
> hey folks--
>
> this might be nit-picking, but i'm a bit concerned that some of the
> rulesets i see in the git repo are too loose.
>
> For example, NYTimes.xml contains:
>
> > <ruleset name="NYTimes">
> > <rule from="^http://(www\.)?nytimes\.com" to="https://www.nytimes.com"/>
> > </ruleset>
>
> which matches things like http://nytimes.commerce.com/, afaict.
This is what we discussed earlier as the "trailing slash issue". There
is a bug in our bug tracker about it and my conclusion is that every
rule should include a trailing slash; the ones that don't are buggy for
exactly the reason you mention. I think I have a longer discussion of
this somewhere in the mailing list archives. :-)
--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list