http://userscripts.org/scripts/show/14161 Recent comments on userscript: Google Services in HTPPS en-us 60 <p>Victor, granted your script works in more cases than my <a href="http://userscripts.org/scripts/show/10731">Force HTTPS for GMail, GCal, and GDocs</a> script, but yours only modifies the protocol to secure HTTPS after the page has loaded in non-secure HTTP and the damage was already done.</p> <p>In a man in the middle attack scenario, the attacker will obtain access to an authenticated session with your Google service of choice, while you unknowingly continue to use the service over HTTPS feeling (falsely) secure.</p> <p>I strongly suggest you modify your script or take it down immediately.</p> Mon, 28 Apr 2008 09:22:02 +0000 userscripts.org:13997:47595 Anmar Mansur http://userscripts.org/posts/47595 <p>The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)</p> Wed, 17 Nov 2004 01:05:16 +0000 userscripts.org:13997:47594 Jesse Andrews http://userscripts.org/posts/47594