On 2/3/12 11:15 PM, Ian Hickson wrote:
No, I agree with you that if the author is using HTTP styles on their HTTPS page that an attacker could screw with the page. But my point is that fixing that is easy: just move the styles to HTTPS. In the case of scripts it's not that easy because the scripts might be on third-party servers
Styles are also commonly found on third-party servers...
in complicated setups
Likewise. But yeah, I'd love to hear from Adam here. -Boris
