Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#1674 closed defect (fixed)

every from rule should contain a slash after the host part

Reported by: schoen
Owned by: pde
Priority: Medium
Component: HTTPS Everywhere/EFF-HTTPS Everywhere

Description

A from rule that matches on an entire site, but doesn't contain a trailing slash, could be misinterpreted.

For example, http://w3.org erroneously matches http://w3.organization.net and http://mail.com matches http://mail.commercialsite.com, and so on.

Experiment seems to show that an explicit trailing slash on the from rule for a site does not cause Firefox to fail to apply the rule if the user doesn't type the slash. For instance, the from rule http://www.example.com/ will correctly trigger if the user types "www.example.com", "http://www.example.com", "www.example.com/", or "http://www.example.com/" in the address bar. Adding the trailing slash avoids potential false positives and does not seem to create any false negatives, so it should be done by default in rules that ship with HTTPS Everywhere.

This does NOT mean that http://www.example.com/resource and http://www.example.com/resource/ are the same. The trailing slash is only automatically appropriate at the top level of a site, not necessarily for individual pages of the site. Whether trailing slashes belong in rules referring to individual pages or directories is a case-by-case question.
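
The false positive described in this ticket, and the reason the trailing slash costs no false negatives, shown as an added example (not part of the ticket or of the HTTPS Everywhere code). It assumes a from pattern is applied as a JavaScript regular expression to the request URL; `applyRule`, `canonical` and `hostIsTerminated` are hypothetical helper names, and the two rules are constructed from the w3.org case above.

```javascript
// Added example. Rules and URLs below are constructed from the ticket's w3.org case.
// Assumption: a "from" pattern is used as a JavaScript regex against the request URL.

// Rewrite url with the rule, or return null when the from pattern does not match.
function applyRule(rule, url) {
  const re = new RegExp(rule.from);
  return re.test(url) ? url.replace(re, rule.to) : null;
}

// What the browser actually requests for address-bar input: the URL parser
// gives http(s) URLs with an empty path the path "/".
function canonical(typed) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(typed);
  return new URL(hasScheme ? typed : "http://" + typed).href;
}

// Hypothetical lint for shipped rules: after the scheme, the pattern must
// contain a "/" so the host part cannot match as a prefix of a longer host.
function hostIsTerminated(from) {
  const m = /^\^?http:\/\/(.*)$/.exec(from);
  return m !== null && m[1].includes("/");
}

const loose = { from: "^http://w3\\.org", to: "https://w3.org" };
const strict = { from: "^http://w3\\.org/", to: "https://w3.org/" };

// False positive: the loose rule rewrites an unrelated host.
console.log(applyRule(loose, "http://w3.organization.net/"));
// The strict rule ignores it ...
console.log(applyRule(strict, "http://w3.organization.net/"));
// ... and still fires for every way of typing the real site.
for (const typed of ["w3.org", "http://w3.org", "w3.org/", "http://w3.org/"]) {
  console.log(typed, "->", applyRule(strict, canonical(typed)));
}
console.log(hostIsTerminated(loose.from), hostIsTerminated(strict.from));
```
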


Change History (5)

comment:1 Changed 9 years ago by schoen

I meant to use carets there but the wiki formatting treated the carets as indicating superscripts. If you see a rule in superscript in this bug, think of it as beginning with a caret. :-)

comment:2 Changed 9 years ago by bee

Hi!!!!!!!!!

Looking at this so quickly, but I think that my patch automatically fixes this bug too!!!!!
https://trac.torproject.org/projects/tor/ticket/1614 check it out!!!!!!!

bye!!!!!!!!!
~bee!!!!

comment:3 Changed 9 years ago by dkg

I've committed a fix for this as changeset 344dd in my git repository:

git://lair.fifthhorseman.net/~dkg/https-everywhere

comment:4 Changed 9 years ago by pde

Resolution: fixed
Status: new → closed

Fixed in git.

comment:5 Changed 9 years ago by mikeperry

Should appear in 0.2.3.
