[HTTPS-Everywhere] Help needed: Disabling 3,080 rulesets
Mike Perry
mikeperry at torproject.org
Wed Feb 11 12:04:20 PST 2015
Jacob Hoffman-Andrews:
> Hi all,
>
> Using hiviah's https-everywhere-checker, I've found 3,080 rules that
> fail in various ways, and automatically disabled them:
> https://github.com/EFForg/https-everywhere/pull/1036.
>
> I'm in the process of spot-checking these for systemic errors, but so
> far they seem reasonably accurate. Tomorrow I'll merge this branch to
> master.
Out of curiosity, did you also check for rules that were damaged by
https://bugzilla.mozilla.org/show_bug.cgi?id=878890?
You should be able to test that by setting
security.mixed_content.block_active_content to false when testing
rulesets, because the mixed content blocker blocks elements from https
sites that get redirected by HTTPS-Everywhere into https.
In the past, rules that tripped over that bug have been tagged with
platform="mixedcontent".
I ask because in Tor Browser, we've been also setting
security.mixed_content.block_active_content to false, to allow
HTTPS-Everywhere to enable rules that were broken specifically by that
bug.
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150211/56007871/attachment.sig>
More information about the HTTPS-Everywhere
mailing list