vip-scanner icon indicating copy to clipboard operation
vip-scanner copied to clipboard

Published 20 hours ago verified publisher icon Automattic

Basic flagging of HTTP protocol-specific URLs.

Open emrikol opened this issue 9 years ago • 0 comments

As per GitHub Issue #216, there are good reasons to use protocol-relevant URLs. This pull request includes some basic scanning for this:

  • CSS and JS files
  • PHP files, specifically for WordPress functions that enqueue and register scripts and styles (wp_enqueue_script(), wp_enqueue_style(), wp_register_script(), and wp_register_style())
  • HTML tags and attributes inside PHP and HTML files that might cause a mixed content browser warning.

The HTML tags scanned for are:

  • <object> and 'data'
  • <menuitem> and 'icon'
  • <html> and 'manifest'
  • <video> and 'poster'
  • <audio>, <embed>, <iframe>, <img>, <input>, <script>, <source>, <track>, <video> and 'src'
  • <link> and 'href' only if 'rel' is 'stylesheet'

These tags and attributes were gathered from the W3C's list.

Before the files are scanned, the comments are stripped out so that we help reduce the number of false positives.

This isn't a definitive scan, but it should help catch many of the common cases.

emrikol avatar Apr 06 '15 16:04 emrikol