mixed-content-scan icon indicating copy to clipboard operation
mixed-content-scan copied to clipboard

Published 20 hours ago verified publisher icon bramus

Scan more things for being MC or not?

Open bramus opened this issue 10 years ago • 2 comments

Full list at http://www.w3.org/TR/mixed-content/#categories

bramus avatar Dec 11 '14 18:12 bramus

I think this is related to the original question/suggestion here, but I just ran a scan on a website and it "missed" lots of things that were requested over HTTP.

For example, old object/embed code like this:

<object><param name="movie" value="http://www.youtube.com/..."></param><embed src="http://www.youtube.com/..."></embed></object>

Maybe we could have an ability to create our own regex matches?

Possible additional tags to check for:

source[srcset]
video[src]
audio[src]
img[srcset] (can contain multiples)
param[value] (e.g. when used with name="movie")
embed[src]

Of course, none of this considers insecure requests from stylesheets or javascript.

jamieburchell avatar Jun 29 '16 10:06 jamieburchell

Thanks for your additions via #36, @jamieburchell!

bramus avatar Jun 29 '16 14:06 bramus