galeksandrp
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 326 additions & 5 deletions b/‎CONTRIBUTING.md‎
Lines changed: 326 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 11 additions & 52 deletions b/‎README.md‎
Lines changed: 11 additions & 52 deletions
diff --git a/‎chromium/background.js‎
Lines changed: 17 additions & 3 deletions b/‎chromium/background.js‎
Lines changed: 17 additions & 3 deletions
diff --git a/‎chromium/manifest.json‎
Lines changed: 1 addition & 6 deletions b/‎chromium/manifest.json‎
Lines changed: 1 addition & 6 deletions
diff --git a/‎docs/faq.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/faq.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ruleset-style.md‎
Lines changed: 0 additions & 125 deletions b/‎ruleset-style.md‎
Lines changed: 0 additions & 125 deletions
diff --git a/‎ruleset-testing.md‎
Lines changed: 12 additions & 12 deletions b/‎ruleset-testing.md‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎src/Changelog‎
Lines changed: 21 additions & 0 deletions b/‎src/Changelog‎
Lines changed: 21 additions & 0 deletions
@@ -16,10 +16,18 @@ Run the latest code and rulesets in a standalone Firefox profile:
 
     bash test/firefox.sh --justrun
 
+Run the latest code and rulesets in a standalone profile for a specific version of Firefox:
+
+    FIREFOX=/path/to/firefox bash test/firefox.sh --justrun
+
 Run the latest code and rulesets in a standalone Chromium profile:
 
     bash test/chromium.sh --justrun
 
+Run the latest code and rulesets in a standalone Tor Browser profile:
+
+    bash test/tor path_to_tor_browser.tar.xz
+
 Build the Firefox extension as a .xpi package:
 
     bash makexpi.sh
@@ -58,58 +66,9 @@ Important directories you might want to know about
 
     test/                     The tests live here
 
+    util/                     Various utilities
+
 Hacking on the Source Code
 --------------------------
 
-The current stable release series is 5.2. The maintainers release new versions
-off the current master branch about every two weeks.
-
-To submit changes, either use pull requests on GitHub or email patches to
-https-everywhere-rulesets@lists.eff.org (rulesets) or
-https-everywhere@lists.eff.org (code).
-
-### Writing rulesets
-
-HTTPS Everywhere consists of a large number of rules for switching sites from HTTP to HTTPS. You can read more about how to write these rules here: https://www.eff.org/https-everywhere/rulesets
-
-If you want to create new rules to submit to us, we expect them to be in the src/chrome/content/rules directory. That directory also contains a useful script, make-trivial-rule, to create a simple rule for a specified domain. There is also a script called trivial-validate.py, to check all the pending rules for several common errors and oversights. For example, if you wanted to make a rule for the example.com domain, you could run
-
-    bash ./make-trivial-rule example.com
-
-inside the rules directory. This would create Example.com.xml, which you could then take a look at and edit based on your knowledge of any specific URLs at example.com that do or don't work in HTTPS. You should then run
-
-    bash test.sh
-
-to make sure that your rule is free of common mistakes.
-
-### Writing translations
-
-If you would like to help translate HTTPS Everywhere into your language,
-you can do that through the Tor Project's Transifex page:
-https://www.transifex.com/projects/p/torproject/.
-
-### Bug trackers and mailing lists
-
-We currently have two bug trackers. The one on GitHub (https://github.com/EFForg/https-everywhere/issues) is recommended because it gets checked more frequently and has a friendlier user interface. The one on trac.torproject.org (https://trac.torproject.org/projects/tor/report/19) has a large backlog of bugs at this point, but it has the advantage of allowing you to post bugs anonymously using the "cypherpunks" / "writecode" account. (Note that you won't see replies unless you put an email address in the CC field.)
-
-We have two publicly-archived mailing lists: the https-everywhere list (https://lists.eff.org/mailman/listinfo/https-everywhere) is for discussing the project as a whole, and the https-everywhere-rulesets list (https://lists.eff.org/mailman/listinfo/https-everywhere-rules) is for discussing the rulesets and their contents, including patches and git pull requests.
-
-Tests
--------------
-
-There are some very basic unittests under test/. These are run with
-
-    bash test.sh
-
-Please help write more unittests and integration tests!
-
-There are also ruleset tests, which aim to find broken rulesets by actually
-loading URLs in a browser and watching for Mixed Content Blocking to fire.
-The easiest way to run ruleset tests is to load a standalone Firefox instance
-with the tests enabled:
-
-    bash test/firefox.sh --justrun
-
-Then click the HTTPS Everywhere icon on the toolbar, and click "Run HTTPS
-Everywhere Ruleset Tests." When you run the tests, be prepared to let your
-computer run them for a really long time.
+Please refer to our [contributing](CONTRIBUTING.md) document to contribute to the project.
@@ -206,7 +206,14 @@ function onBeforeRequest(details) {
   uri.href = details.url;
 
   // Should the request be canceled?
-  var shouldCancel = (httpNowhereOn && uri.protocol === 'http:');
+  var shouldCancel = (
+    httpNowhereOn &&
+    uri.protocol === 'http:' &&
+    !/\.onion$/.test(uri.hostname) &&
+    !/^localhost$/.test(uri.hostname) &&
+    !/^127(\.[0-9]{1,3}){3}$/.test(uri.hostname) &&
+    !/^0\.0\.0\.0$/.test(uri.hostname)
+  );
 
   // Normalise hosts such as "www.example.com."
   var canonical_host = uri.hostname;
@@ -241,8 +248,6 @@ function onBeforeRequest(details) {
   }
 
   var potentiallyApplicable = all_rules.potentiallyApplicableRulesets(uri.hostname);
-  // If no rulesets could apply, let's get out of here!
-  if (potentiallyApplicable.size === 0) { return {cancel: shouldCancel}; }
 
   if (redirectCounter[details.requestId] >= 8) {
     log(NOTE, "Redirect counter hit for " + canonical_url);
@@ -282,6 +287,15 @@ function onBeforeRequest(details) {
   }
 
   if (httpNowhereOn) {
+    // If loading a main frame, try the HTTPS version as an alternative to
+    // failing.
+    if (shouldCancel) {
+      if (!newuristr) {
+        return {redirectUrl: canonical_url.replace(/^http:/, "https:")};
+      } else {
+        return {redirectUrl: newuristr.replace(/^http:/, "https:")};
+      }
+    }
     if (newuristr && newuristr.substring(0, 5) === "http:") {
       // Abort early if we're about to redirect to HTTP in HTTP Nowhere mode
       return {cancel: true};
 
@@ -1,9 +1,4 @@
 {
-    "applications": {
-        "gecko": {
-            "id": "https-everywhere-eff@eff.org"
-        }
-    }, 
     "author": {
         "email": "eff.software.projects@gmail.com"
     }, 
@@ -44,5 +39,5 @@
         "storage", 
         "<all_urls>"
     ], 
-    "version": "2016.11.8"
+    "version": "2017.3.17"
 }
@@ -29,7 +29,7 @@ You can also report the problem to the site, since they have the power to fix it
 
 ### [Why is HTTPS Everywhere preventing me from joining this hotel/school/other wireless network?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
 
-Some wireless networks hijack your HTTP connections when you first join them, in order to demand authentication or simply to try to make you agree to terms of use. HTTPS pages are protected against this type of hijacking, which is as it should be. If you go to a website that isn't protected by HTTPS Everywhere (currently, nytimes.com is one such site) that will allow your connection to be captured and redirected to the authentication or terms of use page.
+Some wireless networks hijack your HTTP connections when you first join them, in order to demand authentication or simply to try to make you agree to terms of use. HTTPS pages are protected against this type of hijacking, which is as it should be. If you go to a website that isn't protected by HTTPS Everywhere or by HSTS (currently, example.com is one such site), that will allow your connection to be captured and redirected to the authentication or terms of use page.
 
 ### [Will there be a version of HTTPS Everywhere for IE, Safari, or some other browser?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
 
 
@@ -30,18 +30,18 @@ target host with a left-side wildcard, and at least ten test URLs for each
 target host with a right-side wildcard. But this is not yet implemented.
 
 # Example:
-	<ruleset name="example.com">
-		<target host="example.com" />
-		<target host="*.example.com" />
-
-		<test url="http://www.example.com/" />
-		<test url="http://beta.example.com/" />
-
-		<rule from="^http://([\w-]+\.)?example\.com/"
-			to="https://$1example.com/" />
-
-	</ruleset>
-
+```xml
+<ruleset name="example.com">
+	<target host="example.com" />
+	<target host="*.example.com" />
+
+	<test url="http://www.example.com/" />
+	<test url="http://beta.example.com/" />
+
+	<rule from="^http://([\w-]+\.)?example\.com/"
+		to="https://$1example.com/" />
+</ruleset>
+```
 This ruleset has one implicit test URL from a target host
 ("http://example.com/"). The other target host has a wildcard, so creates no
 implicit test URL. There's a single rule. That rule contains a '+' and a '?', so
 
@@ -1,3 +1,24 @@
+Firefox 5.2.13 / Chrome 2017.3.17
+  * Ruleset updates
+
+Firefox 5.2.12 / Chrome 2017.3.9
+  * Excepting loopback hostnames from 'HTTPS Nowhere' functionality
+  * Ruleset updates
+
+Firefox 5.2.11 / Chrome 2017.2.13
+  * Ruleset updates
+
+Firefox 5.2.10 / Chrome 2017.1.25
+  * Removing targets which are HSTS preloaded in all supported browsers
+  * Ruleset updates
+
+Firefox 5.2.9 / Chrome 2016.12.19
+  * Ruleset updates
+  * In HTTP Nowhere mode, attempt HTTPS before block
+
+Firefox 5.2.8 / Chrome 2016.11.30
+  * Ruleset fixes
+
 Firefox 5.2.7 / Chrome 2016.11.8
   * Ruleset fixes