[OT] gmail behaviour

Thomas McGrath III 3mcgrath at comcast.net
Thu Feb 28 10:06:12 EST 2008

HOWEVER, If you switch to HTML view and not Standard (Javascript) then  
repeat the same process you WILL notice that the two pages are  

ie. Switch to HTML

view source
<base href="http://mail.google.com/mail/h/hjelqk30gklk/">
<a href="http://mail.google.com/mail/h/altta7uchfur/? 
logout&hl=en">Sign out</a>

TYPE in the missing "s" after http so that it is now https://
load page
view source
<base href="https://mail.google.com/mail/h/13n08066yemid/">
<a href="https://mail.google.com/mail/h/altta7uchfur/? 
logout&hl=en">Sign out</a>

I would stay in Standard View and let the JS handle the encryption OR  
just type in the missing "s" and use the secure HTML View.


On Feb 28, 2008, at 9:57 AM, Thomas McGrath III wrote:

> If you type the missing "s" after http in Mail it will take you to  
> the https:// page BUT it is not secure!!!! It is heavily reliant on  
> Javascript and cookies to load your information.
> Look at the source code for each view and you will see they are both  
> the SAME code. http:// & https:// source is identical.
> And they both point ONLY to the original http://  NOT to any  
> https:// at all.
> From the source code view do a search for https and you will find  
> nothing but just http will show the actual targets from within this  
> site.
> Tom

More information about the Use-livecode mailing list