[tor-bugs] #17300 [EFF-HTTPS Everywhere]: Form action on tweakers.net does not get rewritten
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 8 04:23:11 UTC 2015
#17300: Form action on tweakers.net does not get rewritten
----------------------------------+----------------------
Reporter: cypherpunks | Owner: jsha
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: httpse-ruleset-bug | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------------------+----------------------
On gathering.tweakers.net (forum), registered users can reply to topics.
When you hit the button to see either a preview or actually post the
message, Firefox (I think Chrome didn't, but don't know if that means it
just kept quiet or rewrote the link) will complain saying "The information
you have entered on this page will be sent over an insecure connection".
Example:
<form action="http://gathering.tweakers.net/forum/insert_message/1601768"
method="post" id="message_form" class="form2 altmsg1 insertMessage"
onsubmit="return this.preview||checknewmessageform(this)">
Yes, they use absolute http-URLs everywhere.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17300>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list