On Tue, Aug 18, 2009 at 3:12 AM, Sylvain Comte<sylvain.co...@gmail.com> wrote: > You should take a look at the fork (and enhanced) version of the > script : smart google subscriber (http://userscripts.org/scripts/show/ > 33600).
Here, this version spoils the security status of https-pages. E.g. the
login page for online banking is downgraded to "partially encrypted".
The icon for Smart Subscriber is injected as "data:image/
png;base64..." into the page; this counts as unencrypted data! I can't
test a newer version of this script since Sylvain's homepage is
unavailable, today. I switched to Parparita's version which doesn't
have this side-effect. (It uses the chrome: protocol to inject the
icon rather than the data: protocol).
On Aug 18, 9:16 pm, Gina Trapani <ginatrap...@gmail.com> wrote:
> On Tue, Aug 18, 2009 at 3:12 AM, SylvainComte<sylvain.co...@gmail.com> wrote:
> > You should take a look at the fork (and enhanced) version of the
> > script : smart google subscriber (http://userscripts.org/scripts/show/ > > 33600).
On Fri, Sep 25, 2009 at 1:07 PM, Heribert Slama <hsl...@gmail.com> wrote: > The icon for Smart Subscriber is injected as "data:image/ > png;base64..." into the page; this counts as unencrypted data! I can't > test a newer version of this script since Sylvain's homepage is > unavailable, today. I switched to Parparita's version which doesn't > have this side-effect. (It uses the chrome: protocol to inject the > icon rather than the data: protocol).
Parparita's version uses the chrome: protocol to inject the orange RSS icon, ie this:
chrome://browser/skin/page-livemarks.png
But not the image when you're subscribed--I think it's a giant checkmark.
Parparita is able to use that chrome: protocol because that orange RSS icon ships with Firefox and is already available in your browser. The other's aren't.
In theory, I could start shipping separate images with the extension, and use the chrome: call to stop breaking SSL, but I haven't tested this so I'm not sure it will work in practice. It's worth checking into, and I will. Thanks for bringing it to my attention.
> Here, this version spoils the security status of https-pages. E.g. the
> login page for online banking is downgraded to "partially encrypted".
> The icon for Smart Subscriber is injected as "data:image/
> png;base64..." into the page; this counts as unencrypted data! [......]
Hi Gina,
The Better _Gmail_ extension is also affected: the script "Attachment
Icons" uses the data: protocol to inject the icons (can be seen on
Page Info | Media) changing the security status of Gmail to "partially
encrypted"; of course, all other secure pages are _not_ affected. (I
was too lazy to open a new thread for this;-)
On Fri, Sep 25, 2009 at 2:33 PM, Heribert Slama <hsl...@gmail.com> wrote: > The Better _Gmail_ extension is also affected: the script "Attachment > Icons" uses the data: protocol to inject the icons
Yep, that I was aware of--it's on the Known Issues list. If I do modify the extension structure to support local image files, I'll be able to fix that, too. It would be a worthwhile change. Thanks.
Sorry that you can't access to my homepage, but it's a free hosting so
it may happend.
By the way, you will not find any newer version of the script there
since last one is always on userscripts.org
Also seen that Gina is taking a look at including the icons into the
chrome of the extension. So, can't suggest anything better. Maybe if
this doesn't work.
|
