[HTTPS-Everywhere] The context menu has landed
Peter Eckersley
pde at eff.org
Thu Jun 23 13:03:51 PDT 2011
The context menu code has finally landed in master. It was rather more work
than expected, but it's now mostly done.
A couple of notes about it:
- this means we're now nearly ready to move huge numbers of development rules
into the stable branch. We will have a new devel release in the next day
or two, and new stable releases will be branched off that.
- I'm switching to numbering development branches like 1.0.0development.1
rather than 1.0.0.development.1, since that's more consistent with
Mozilla's idea of version numbering:
https://developer.mozilla.org/en/nsIVersionComparator
- the semantics for the appearance of <securecookie>-only rules (the prime example
of which is the Facebook+ rule) in the context menu is not very good.
Currently these rules are only displayed if cookies were set while loading
parts of the current page.
The theoretically ideal way to do this would be to let the user toggle a
<securecookie> ruleset on any page where those cookies are sent, which would
probably require us to remember for each cookie whether the site tried to
set it securely, and to walk through the cookie store and toggle the secure
flag between "secure" and "whatever the site said". Happy to take a patch
if anyone is up for that task ;).
--
Peter Eckersley pde at eff.org
Senior Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list