RE: [EXT] bug report: changing http to https in attribute values of HTML snippet

Protocol-relative URLs are no longer considered a good idea. So, this is actually NOT a more reliable method. The most reliable method would be to simply serve all of the assets using HTTPS.


See this page as a reference as to why:




Douglas Perreault, CPA* CITP CGMA
*CPA designation regulated by the State of Florida


From: <> On Behalf Of Kevin Hawkins
Sent: Wednesday, April 14, 2021 8:46 AM
To: Philip Taylor <P.Taylor@Rhul.Ac.Uk>
Subject: Re: [EXT] bug report: changing http to https in attribute values of HTML snippet


On 4/14/21 2:26 AM, Philip Taylor wrote:

Kevin Hawkins wrote:

If you validate the CSS in an HTML file served over HTTPS, the HTML snippet for valid icons that you are offered to for embedding in your HTML includes attribute values with "http://" rather than "https://" .  Embedding this in your page causes Firefox and likely other browsers to complain that your page includes mixed HTTP and HTTPS content, and it the W3C Validator will not validate the page if you click on the link.  I believe you can fix this by simply changing all URLs in attributes to begin with "https://"

The probability of anyone associated with the current W3C validation service making changes in this area tends to 0, but were they motivated so to do, a more reliable method would be to change explicit "http://" prefixes to "//", in which case they will automatically inherit the protocol used to serve the page in which they are embedded.
Philip Taylor

That's fine. I was just submitting this bug per the instructions at .

Received on Saturday, 17 April 2021 17:13:01 UTC