Skip to content

Commit 87a438f

Browse files
Chan Chak ShingJ0WI
Chan Chak Shing
authored and
J0WI
committed
Simplify and update Bloomberg.xml (EFForg#15489)
1 parent fa1d6b8 commit 87a438f

2 files changed

Lines changed: 36 additions & 128 deletions

File tree

src/chrome/content/rules/Bloomberg.com-problematic.xml

Lines changed: 0 additions & 13 deletions
This file was deleted.

src/chrome/content/rules/Bloomberg.xml

Lines changed: 36 additions & 115 deletions
Original file line numberDiff line numberDiff line change
@@ -1,127 +1,48 @@
11
<!--
2-
For problematic rules, see Bloomberg.com-problematic.xml.
3-
4-
5-
Other Bloomberg rulesets:
6-
7-
- bbthat.com.xml
8-
- Bloomberg.net.xml
9-
- Bloomberg_Sports.com.xml
10-
- BusinessWeek.com.xml
11-
- Bwbx.io.xml
12-
- Gotraffic.net.xml
13-
14-
15-
CDN buckets:
16-
17-
- s3.amazonaws.com/bloomberg.com/
18-
- cdn.video.http.2.bloomberg.com.edgesuite.net
19-
- www.bloomberg.com.edgesuite.net
20-
- static.btrd.net.edgesuite.net
21-
22-
23-
Problematic hosts in *bloomberg.com:
24-
25-
- jobs *
26-
- origin-www ˣ
27-
- cdn.videos (akamai pointing to cloudfront)
28-
- www ˣ
29-
30-
* Jobs2Web / mismatched
31-
ˣ Mixed iframe, see https://www.paulirish.com/2010/the-protocol-relative-url/
32-
33-
34-
Nonfunctional domains:
35-
36-
- bloomberg.com subdomains:
37-
38-
- about *
39-
- quote *
40-
- washpost (refused)
41-
42-
- static.btrd.net (shows bx.businessweek.com, akamai)
43-
44-
* Dropped
45-
46-
47-
Insecure cookies are set for these domains and hosts: ᶜ
48-
49-
- .bloomberg.com
50-
- login.bloomberg.com
51-
- m.bloomberg.com
52-
- origin-www.bloomberg.com
53-
- www.bloomberg.com
54-
55-
ᶜ See https://owasp.org/index.php/SecureFlag
56-
57-
58-
Mixed content:
59-
60-
- iframe on origin-www, www from www.bloomberg.com
61-
- Images on origin-www, www from assets.bwbx.io ˢ
62-
63-
ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
64-
2+
Other Bloomberg related rulesets:
3+
+ bbthat.com.xml
4+
+ Bloomberg.net.xml
5+
+ Bloomberg_Sports.com.xml
6+
+ BusinessWeek.com.xml
7+
+ Bwbx.io.xml
8+
+ Gotraffic.net.xml
9+
10+
Non-functional hosts
11+
Couldn't connect to server:
12+
- about.bloomberg.com
13+
14+
SSL connect error:
15+
- jpmobile.bloomberg.com
16+
17+
SSL peer certificate was not OK:
18+
- b.bloomberg.com
19+
- cdn.videos.bloomberg.com
6520
-->
6621
<ruleset name="Bloomberg.com (partial)">
67-
6822
<target host="bloomberg.com" />
23+
<target host="www.bloomberg.com" />
24+
<target host="api.bloomberg.com" />
25+
<test url="http://api.bloomberg.com/syndication/newsml/v12/news/P6XMSU6KLVRB" />
26+
<target host="assist.bloomberg.com" />
27+
<target host="bba.bloomberg.com" />
28+
<target host="blinks.bloomberg.com" />
29+
<target host="newsletters.briefs.bloomberg.com" />
30+
<target host="bsym.bloomberg.com" />
6931
<target host="careers.bloomberg.com" />
32+
<target host="chartmaker.bloomberg.com" />
33+
<target host="console.bloomberg.com" />
34+
<target host="go.bloomberg.com" />
35+
<target host="jobs.bloomberg.com" />
36+
<target host="lei.bloomberg.com" />
7037
<target host="login.bloomberg.com" />
38+
<target host="m.bloomberg.com" />
39+
<target host="mediasource.bloomberg.com" />
7140
<target host="nav.bloomberg.com" />
41+
<test url="http://nav.bloomberg.com/public/images/ad_choices-62a535e263.png" />
7242
<target host="origin-www.bloomberg.com" />
7343
<target host="service.bloomberg.com" />
74-
<target host="www.bloomberg.com" />
75-
76-
<!-- 504:
77-
-->
78-
<!--exclusion pattern="^http://www\.bloomberg\.com/(?:company$|notices/(?:help|privacy)/$|professional/bcom-demo/$)" /-->
79-
<!--
80-
Mixed iframe:
81-
-->
82-
<!--exclusion pattern="^http://origin-www\.bloomberg\.com/$" /-->
83-
<!--exclusion pattern="^http://www\.bloomberg\.com/europe$" /-->
84-
<!--
85-
Exceptions:
86-
-->
87-
<exclusion pattern="^http://(?:origin-www\.|www\.)?bloomberg\.com/(?!/*(?:news|view)/articles/\d{4}-\d\d-\d\d/)" />
88-
89-
<!-- +ve:
90-
-->
91-
<test url="http://www.bloomberg.com/company/" />
92-
<test url="http://www.bloomberg.com/europe" />
93-
<test url="http://www.bloomberg.com/markets/components/data-drawer?linksType=nav" /><!-- said mixed iframe -->
94-
<test url="http://www.bloomberg.com/notices/help/" />
95-
<test url="http://www.bloomberg.com/notices/privacy/" />
96-
<test url="http://www.bloomberg.com/professional/bcom-demo/" />
97-
98-
<!-- -ve:
99-
-->
100-
<test url="http://bloomberg.com/view/articles/2016-06-10/economics-struggles-to-cope-with-reality" />
101-
<test url="http://origin-www.bloomberg.com/news/articles/2016-06-15/opec-turmoil-could-turn-iea-s-balanced-market-into-shortfall" /><!-- mixed image -->
102-
<test url="http://www.bloomberg.com/news/articles/2016-06-14/sweden-lashes-out-at-opportunist-cameron-as-brexit-risks-rise" /><!-- mixed image -->
103-
104-
<!-- $ 404s, so:
105-
-->
106-
<test url="http://nav.bloomberg.com/public/images/ad_choices-62a535e263.png" />
107-
108-
109-
<!-- Not secured by server:
110-
-->
111-
<!--securecookie host="^\.bloomberg\.com$" name="^force_re_auth$" /-->
112-
<!--securecookie host="^careers\.bloomberg\.com$" name="^(l|SRV)$" /-->
113-
<!--securecookie host="^jobs\.bloomberg\.com$" name="^(JSESSIONID|PERSIST)$" /-->
114-
<!--securecookie host="^login\.bloomberg\.com$" name="^(?:_registration_session|SRV2?)$" /-->
115-
<!--securecookie host="^m\.bloomberg\.com$" name="^SRV$" /-->
116-
<!--securecookie host="^origin-www\.bloomberg\.com$" name="^(?:__uzm[abcd]|SRV)$" /-->
117-
<!--securecookie host="^service\.bloomberg\.com$" name="^(SRV|locale|session)$" /-->
118-
<!--securecookie host="^www\.bloomberg\.com$" name="^(?:__uzm[abcd]|ak_co|ak_rg)$" /-->
119-
120-
<securecookie host="^\." name="^optimizely" />
121-
<securecookie host="^(?:careers|service)\.bloomberg\.com$" name=".+" />
122-
12344

124-
<rule from="^http:"
125-
to="https:" />
45+
<securecookie host=".+" name=".+" />
12646

47+
<rule from="^http:" to="https:" />
12748
</ruleset>

0 commit comments

Comments
 (0)