On 02/11/2015 02:18 PM, Mike Perry wrote: > So in the meantime, is it your plan to remove all of the currently > tagged platform="mixedcontent" rules caused by Bug 878890? No, not unless the hosts listed in those rules have a bad certificate or some other sort of connection error.
At some point I may want to adopt Micah's tests or something similar, to do another round of auto-detecting mixed content blocking. In that case I would try to use the output to automatically set the platform="mixedcontent" tag. > Our thinking here was that with enough coverage from HTTPS-Everywhere, > the "Medium" setting on our Security Slider can disable *all* > non-HTTPS Javascript, including any HTTPS or non-HTTPS javascript > sourced from a non-HTTPS url bar. So in this setting, we block a > superset of the Javascript that mixed content blocking blocks, and in > fact should load no unauthenticated JS at all. This makes sense. I do worry that with MCB in mainstream Firefox for so long, all the rules with platform="mixedcontent" get very little user testing. So a large number of them may be broken. _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
