WebAssign site produces litany of "Security Warning" alerts
VERSION: HTTPS Everywhere 3.0.4 BROWSER: Firefox 17.0 on Windows
While using WebAssign as a logged in user and with HTTPS Everywhere protection enabled, one encounters a "Security Warning" for every click due to what the browser thinks is the submission of an unprotected form from an https-protected webpage. In reality (as verified using firefox's web console), HTTPS Everywhere is indeed converting the http POST link to https, but at a lower level than whatever causes the warning dialog.
I suspect the reason HTTPS Everywhere can't convert the link ahead of time is due to its being generated by javascript such as this:
!javascript:onclick=document.forms[0].clicked.value='31,17';document.forms[0].action.value='roster/view';%20document.forms[0].showAll.value='0';document.forms[0].submit(this);
To reproduce:
- Go to the Webassign demo site
- Note that this subdomain is not currently covered by the HTTPS Everywhere plugin, but the plugin could easily be extended for both testing and production purposes.
- Change the http to https (or have the HTTPS Everywhere do it for you by including demo.webassign.net)
- Click on something like "Roster"
- See the submission error
Could someone please take a look at this?
Thank you in advance