On Tue, Jun 09, 2015 at 02:50:30PM +0000, eocene wrote:
It would be nice to put out some new stuff.
Primary motivations:
1. placeholder attributes for textarea/input are everywhere, and often they have no other explanation of their purpose. Having to guess "this is probably for search, this is probably for username, this is probably for password" is no fun. 2. I know there are users just trusting dillo's https, so at the least it would be good for their https dpis to have a better cipher list and to disable SSL3 and compression.
SSL3 and compression are not the main issue. HTTPS in dillo is completely broken because it does not check for domain name in the certificate. hg tip has checking code copied from wget and current dillo release has no code for it at all. It means that Dillo accepts any valid certificate as a certificate for, let's say, gmail. You can get one from StartSSL for free and test, it works.