[HTTPS-Everywhere] Hundreds of rulesets will need to be marked platform="mixedcontent" to disable them for Chromium users

[Peter Eckersley]

Yes, we've been thinking about this both for Chromium and for the quality of
the rulesets in general.  Ondrej's code
(https://github.com/hiviah/https-everywhere-checker) will take a bit more work
before it can be used to properly test the whole library, but that's worth
attempting.  There are some extra problems that would apply to mixed content
detection, though:

 - Not all mixed content causes a page to break or render incorrectly (eg,
   blocking an HTTP ad, analytics script or tracking beacon is non-fatal)
 - Ondrej's code will fetch URLs.  We would then have to parse them to see the
   URLs of all embedded stuff (doable) and then ideally execute the JavaScript
   to see if there are any further embeds (less doable).

Two other options are to use something like selenium for Chrome (if such a
thing exists) or try to detect the mixed content states from within our
extension code, and give users a way to keep and send us logs of them, if they
wish to.

On Tue, Sep 25, 2012 at 08:41:22PM -0500, Jay Weisskopf wrote:
> Didn't someone create a ruleset test framework a few months back? Could
> that be adapted to generate a list of "mixedcontent" sites?
> 
> - Jay

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993