https-everywhere-checker icon indicating copy to clipboard operation
https-everywhere-checker copied to clipboard

Published 20 hours ago verified publisher icon hiviah

Target matching semantics are subtly different than HTTPS Everywhere

Open jsha opened this issue 9 years ago • 2 comments

Specifically, in HTTPS Everywhere, right-wildcards don't match arbitrarily deep (unlike left wildcards, which do). Specifically, google.* will match google.com but not google.com.au. However, I think https-everywhere-checker does match arbitrarily deep. We should fix this to match the HTTPS Everywhere behavior, which is intentional.

Up until recently this was a little ambiguous on https://www.eff.org/https-everywhere/rulesets, so I've updated it to clarify.

jsha avatar Mar 21 '15 01:03 jsha

Actually this has been implemented before in RuleTrie.transformUrl when looking for applicable rulesets. Since pull request #4 the matching on target is bypassed - UrlComparisonThread.processUrl tests all regexps in the ruleset (may match hosts that are not listed in element).

hiviah avatar Mar 30 '15 16:03 hiviah

Ah, good point - thanks for spotting it. I will fix that code to reject URLs that don't match the targets.

jsha avatar Mar 30 '15 18:03 jsha