Bookmarklet on https page

Question

Bookmarklet on https page

I'm trying to make a bookmarklet for use on youtube and other video sites, to easily get information from the video and save it elsewhere.

From today, apparently, I can no longer do this, since youtube is forcibly connected to the https connection and from what I read in the Chrome console window, the bookmarklet does not start on the https page. Is there a workaround?

Here is the edited code:

javascript:(function(){var jsCode=document.createElement('script');jsCode.setAttribute('src','http://[mysite]/b/enter.php?i=userid&r='+Math.random());document.body.appendChild(jsCode);}());

+6

javascript https bookmarklet

maugch Jan 16 '13 at 20:58

source share

4 answers

In Firefox, if you want to run a bookmarklet that links to http on an https page, a way around this is to temporarily disable security.mixed_content.block_active_content . There are two ways to do this.

go to about:config in a new tab, find security.mixed_content.block_active_content , and then switch the value to false . Launch your bookmarklet and then switch it back to true (since you probably want it to turn on most of the time).
use add-on / extension to switch the block. A quick search turned out to “Switch Mixed Active Content” , and a quick test seems to work well. There may be others.

Have fun and be careful. Here are the dragons!

+4

caponica Aug 7 '14 at 20:12

source share

bookmarklet does not start on https page

Why not?

Try switching to the HTTPS domain yourself. Typically, HTTP content is blocked when you are in the HTTPS domain.

+3

Halcyon Jan 16 '13 at 21:00

source share

I created a workaround for this problem using Greisemonkey userscript . Now you can have bookmarklets on all CSP and https: // sites, as well as have your bookmarks in a good, easily editable library file instead of being individually bookmarked.

+1

Bill d May 09 '15 at 4:27

source share

apsillers · Accepted Answer · 2013-01-16T21:10:21+0000

Google Chrome (and possibly other browsers?) Blocks access to HTTP resources from an HTTPS document. This prevents mixed content attacks, in which unreliable HTTP scripts can be intercepted by an attacker in transit through the network and modified to perform any malicious activity (for example, leak of cookies or confidential information about the page to third parties). Such violation will cancel any protection provided by Https

Chrome was used to give an outstanding warning about blocking an insecure resource, but now it no longer does this, and all insecure loads powerlessly fail. The only solution available to you at this time is to use HTTPS yourself when you are serving the script.

Bookmarklet on https page

More articles: