[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [https-everywhere/master] better protect against SSL stripping, and escape dots



Author: Seth Schoen <schoen@xxxxxxx>
Date: Thu, 11 Nov 2010 12:49:10 -0800
Subject: better protect against SSL stripping, and escape dots
Commit: 26f8caa42aeec6397ac948eb78ac984da48fed9f

---
 src/chrome/content/rules/Live.xml |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/chrome/content/rules/Live.xml b/src/chrome/content/rules/Live.xml
index 2649560..e6acb2a 100644
--- a/src/chrome/content/rules/Live.xml
+++ b/src/chrome/content/rules/Live.xml
@@ -8,14 +8,14 @@
   
   <!-- Microsoft itself protects the login this way but we can prevent
        against SSL stripping. -->
-  <rule from="^http://(login|onecare)\.live\.com/" to="https://$1.live.com/"/>
+  <rule from="^http://(login|onecare|mail)\.live\.com/" to="https://$1.live.com/"/>
 
   <!-- Both of these appear to trigger two good things: (1) the user is
        prompted to make HTTPS the default; (2) even if the user decides
        not to, the remainder of that mail-reading session is automatically
        HTTPS-only. -->
   <rule from="^http://(www\.)hotmail\.com/" to="https://www.hotmail.com/"/>
-  <rule from="^http://([^@:/]+)\.([^@:/]+)\.mail.live.com/" to="https://$2.mail.live.com/"/>
+  <rule from="^http://([^@:/]+)\.([^@:/]+)\.mail\.live\.com/" to="https://$2.mail.live.com/"/>
   <!-- example:
        http://sn133w.snt133.mail.live.com/default.aspx?wa=wsignin1.0 >>>
        https://snt133.mail.live.com/default.aspx?wa=wsignin1.0  -->
-- 
1.7.1