HTTPS issues with doRemoveHttpPrefixFromAttributes

[highstrike]

Hey,

If doRemoveHttpPrefixFromAttributes is set to true (default)
and your current website protocol is https
and you have external links in your website without https

the links will break because the minifier will remove the http or https part of the link and only leave //

Example site where your library is deployed -- https://www.example.com
External link in website is -- http://www.mirror.com
After minify link is transformed into //www.mirror.com and when you click it it actually takes you to -- https://www.mirror.com
Therefore the link breaks because www.mirror.com is working only on http and is not responding on https.

Probably adding an extra condition (after the rel external and target _blank conditions) to check the current protocol against the protocol of the link (so proceed only if protocols match) will make this feature a lot safer.

Example:
on https protocol, link with https, remove the protocol and leave only //
on https protocol, link with http, don't remove the protocol because the link will break
on http protocol, link with http, remove the protocol and leave only //
on http protocol, link with https, don't remove the protocol because while some websites will redirect to https, others might not and the link will break

Thanks

PS: I know, I'm to blame for not using rel="external" on actual external links but sometimes I forget, okay? 😆

[Bilge]

I came here to post exactly this issue. The doRemoveHttpPrefixFromAttributes optimization is completely invalid because //example.com is not the same as http://example.com unless the page containing the link happens to be hosted on the same protocol. If the page is hosted on HTTPS, //example.com implies https://example.com, which is completely different and may not exist.

It is not sufficient to simply disable this by default, the optimization is fundamentally invalid and should be removed.