[HTTPS-Everywhere] HTTPS Everywhere & insecure JS in Chrome
Adam Langley
agl at chromium.org
Tue Jul 31 14:54:50 PDT 2012
I feel that the only reasonable code change would be to move the
mixed-scripting detection logic to the point in WebKit where we start
to process the request. At that point we could determine whether we
actually loaded it securely due to an internal redirect.
But it's a bunch of work. I suspect that, unless you have someone
someone lined up to do it, it's probably not going to happen.
Cheers
AGL
More information about the HTTPS-everywhere
mailing list