Editing and import/export of custom rules

[gbnrileuhg1]

Type: feature request

Currently, HTTPS Everywhere allows users to add custom rules through the UI. After such a custom rule is saved, it can be edited only when visiting a site affected by it. If a user made an error during the creation of a rule, it might not apply to any page or the pages actually affected might not be known (if the user mistyped something). There is currently no way to edit or remove such a rule.

Also there is no way of importing a custom ruleset (aside from the "debugging rulesets" page, which seems to be not intended to be used that way), making it harder for users to convert from similiar addons. There should also be a export feature if a user wants to switch to some other addon or to a new browser profile or wants to share their custom rules in some other way.

Alternatively – as some other comments suggested that such encouragement of custom rules might not be desired in this addon – I suggest removing custom rules entirely to avoid the issues described in the first paragraph. In that case there should still be some way for old users to export their existing rules.

[jeremyn]

I generally agree with what you want here.

There should be a way to examine and modify all custom rules in one place. This is potentially a security issue: a user might visit some sensitive site and add a custom ruleset for it, and then leave the site and forget about it entirely. This leaves a record that they visited that site that they may not know is there.

The canonical way to transfer extension settings is through the browser's "sync" feature. Of course this doesn't address every situation you present, but it's an option in some limited cases.

[gbnrileuhg1]

As you mention "potential security issue": If I'm getting the UI right (I don't dare testing it myself), a user might accidentially add a rule to redirect from HTTPS to plain HTTP and forget about it. How does the list of applied rules behave when redirecting to a different domain? Can a user add a rule to redirect from a.example.com to b.example.com and be completely unable to edit a rule that does actually have an effect?

[jeremyn]

You can test the UI yourself by making a new Firefox profile (about:profiles) and installing HTTPS Everywhere into that. The settings there will not affect the settings in your regular profile. For your specific questions you might use example.com and example.org as test domains, since we don't have rulesets for those and both domains support both http and https.

To answer your questions, the rules that show up in the UI are based on the domain, not the rewrite. So in your https to http hypothetical, the custom rule still appears when the user is at the http URL because the domain is the same. In your a to b hypothetical, if the ruleset is http://a to https://b then it's a little trickier but the user should be able to see the rule if they go directly to https://a.

[gbnrileuhg1]

But with both combined (and possibly the second case, if only one of HTTP and HTTPS is available on the first domain), if a user accidentially creates a rule to redirect https?://a to http://b, they couldn't fix it.

[jeremyn]

The rule should still show up in the UI even if the page itself returns an error, for example (in the second case) if https://a fails to load for some reason.

I agree that a rule that rewrites from https?://a to some other domain is going to be difficult or impossible to later edit.

[jwilk]

Why was this issue closed?

[zoracon]

@jwilk We are retiring our base rulesets, as described here and retiring the extension at the end of this year.

I had bulk closed issues based on rulesets and new features. But can consider an export feature before retiring the extension. I will reopen since interest was shown.