
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    I found an actual live site with the problem: <a class="moz-txt-link-freetext" href="https://giphy.com/">https://giphy.com/</a><br>

    <br>

    Richard<br>

    <br>

    <div class="moz-cite-prefix">On 8/20/2014 8:30 PM, Jacob S

      Hoffman-Andrews wrote:<br>

    </div>

    <blockquote cite="mid:53F4E945.2050406@eff.org" type="cite">

      <meta content="text/html; charset=windows-1252"

        http-equiv="Content-Type">

      I wasn't able to reproduce this prompt on Tumblr, in a fresh

      FF31.0 profile with only HTTPS Everywhere installed. Is there

      another site that reproduces reliably?<br>

      <br>

      I would be mildly in favor of search the page after load for form

      elements where action points to an insecure URL that we can

      rewrite. I'm more on the fence about rewriting the whole page. It

      might enabled us to re-enable some rulesets that were disabled for

      MCB, but it would work pretty inconsistently because of JavaScript

      insertions and runs the risk of moving HTTPS Everywhere from

      "slow" to "really slow."<br>

      <br>

      <div class="moz-cite-prefix">On 08/20/2014 02:27 PM, Nick

        Semenkovich wrote:<br>

      </div>

      <blockquote

cite="mid:CAJKgmrWdi9_LeCbK0WtuuU7FVvQ-=KBmQg48RXP3+mVpeCB3Aw@mail.gmail.com"

        type="cite">

        <div dir="ltr">Chrome now warns about this too, per:

          <div><br>

          </div>

          <div><a moz-do-not-send="true"

              href="https://code.google.com/p/chromium/issues/detail?id=253249">https://code.google.com/p/chromium/issues/detail?id=253249</a></div>

          <div class="gmail_extra"> <br>

          </div>

          <div class="gmail_extra">Looks like it's on the beta channel

            (M37) which will probably hit stable in ~one month.<br>

            <br>

            <div class="gmail_quote">On Wed, Aug 20, 2014 at 1:10 PM,

              Richard Fussenegger, BSc <span dir="ltr"><<a

                  moz-do-not-send="true"

                  href="mailto:richard@fussenegger.info" target="_blank">richard@fussenegger.info</a>></span>

              wrote:<br>

              <blockquote class="gmail_quote" style="margin:0 0 0

                .8ex;border-left:1px #ccc solid;padding-left:1ex">This

                topic was already raised once in the past (see <a

                  moz-do-not-send="true"

href="https://lists.eff.org/pipermail/https-everywhere/2011-June/000914.html"

                  target="_blank">https://lists.eff.org/pipermail/https-everywhere/2011-June/000914.html</a>)

                but I'd like to discuss it again because it's pretty

                annoying and might even be disturbing to new users of

                the extension.<br>

                <br>

                I found that the main problem are websites that have the

                scheme hard coded on form action attributes. I therefore

                propose that the extension could parse the page and

                rewrite any URL pointing to the current domain that has

                the http scheme set instead of the secure one. I'm also

                willing to produce this feature but I don't know if this

                is even possible with an extension like

                HTTPS-Everywhere. You might be able to answer this or

                maybe you have some arguments why this would be a bad

                idea.<br>

                <br>

                Richard<br>

                _______________________________________________<br>

                HTTPS-Everywhere mailing list<br>

                <a moz-do-not-send="true"

                  href="mailto:HTTPS-Everywhere@lists.eff.org"

                  target="_blank">HTTPS-Everywhere@lists.eff.org</a><br>

                <a moz-do-not-send="true"

                  href="https://lists.eff.org/mailman/listinfo/https-everywhere"

                  target="_blank">https://lists.eff.org/mailman/listinfo/https-everywhere</a><br>

              </blockquote>

            </div>

            <br>

            <br clear="all">

            <div><br>

            </div>

            -- <br>

            Nick Semenkovich<br>

            Laboratory of Dr. Jeffrey I. Gordon<br>

            Medical Scientist Training Program<br>

            School of Medicine<br>

            Washington University in St. Louis<br>

            <a moz-do-not-send="true"

              href="https://nick.semenkovich.com/" target="_blank">https://nick.semenkovich.com/</a>

          </div>

        </div>

        <br>

        <fieldset class="mimeAttachmentHeader"></fieldset>

        <br>

        <pre wrap="">_______________________________________________

HTTPS-Everywhere mailing list

<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:HTTPS-Everywhere@lists.eff.org">HTTPS-Everywhere@lists.eff.org</a>

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.eff.org/mailman/listinfo/https-everywhere">https://lists.eff.org/mailman/listinfo/https-everywhere</a></pre>

      </blockquote>

      <br>

    </blockquote>

    <br>

  </body>

</html>