Hi Peter: You suggestion makes a lot of sense, yes. It would make sense to accept SSL or not if you start with //example.com. The only issue is that right now is that it can accept local paths, and it would probably see //example.com as a local path, so there is a little of logic to add. Ideally, maybe we could think of simple regex patterns that LibreJS would match: .*example.com/js/jquery-.* so that it matches any script with jquery-xxxx.js. But this may lead to tricky errors from webmasters.
Peter Olson <[email protected]> writes: > Thinking a little more about this, are these equivalent? > > http://example.com/abc/def/ghi/../js/xyz.js > http://example.com/abc/def/js/xyz.js These wouldn't be equivalent for LibreJS, I don't think so. But yeh, I guess we could generate a proper URL (the second one) and figure out that the first is the same. Another solution would be to visit those scripts, generate a hash (we already do that to accept known libraries), and then allow any URL when the hash matches that particular url you had linked to initially in the js web labels. Generating the hashes takes a little bit of time but I don't think it would be so bad if it's done asynchronously without freezing the UI.
