=============================
=          secure.js        =
=                           =
=          by zx2c4         =
=       Jason Donenfeld     =
=       Jason@zx2c4.com     =
=============================

Sometimes you want to provide a JavaScript service to somebody,
but you only want it to run in an HTTPS context, because the
information that your script will help gather from the page is
somewhat sensitive.

One way of enforcing HTTPS is to check that location.protocol is
"https:", but this is extremely limited because it does not
account for the possibility that your script may be included
alongside other scripts from other servers that are not loaded
over HTTPS. When this happens, the security of your site is
defeated, and man-in-the-middle attacks become practical.

secure.js solves this issue by monitoring the DOM for changes and
continuously checking whether or not any external resources have
been added that are non-HTTPS.
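
The approach described above, sketched as an added example. This is
not the secure.js source: the names URL_ATTR, LOCAL_SCHEMES,
insecureUrl, scan and watch are hypothetical, and treating data:,
blob: and about: URLs as safe is an assumption.

```javascript
// Added example, not the secure.js source. All names are hypothetical.
// Which attribute carries the resource URL for each resource-loading tag.
const URL_ATTR = { SCRIPT: "src", IMG: "src", IFRAME: "src", EMBED: "src",
                   SOURCE: "src", AUDIO: "src", VIDEO: "src",
                   LINK: "href", OBJECT: "data" };
// Assumption: these schemes never touch the network, so they are not flagged.
const LOCAL_SCHEMES = new Set(["data:", "blob:", "about:"]);

// Returns the resolved URL if the element loads a non-HTTPS resource, else null.
function insecureUrl(el, baseHref) {
  const attr = URL_ATTR[el.tagName];
  const raw = attr && el.getAttribute(attr);
  if (!raw) return null;
  let url;
  try { url = new URL(raw, baseHref); } catch (e) { return raw; } // unparsable: flag it
  if (url.protocol === "https:" || LOCAL_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Checks one element and all of its descendants; returns the offending URLs.
function scan(node, baseHref) {
  const els = [node, ...(node.querySelectorAll ? node.querySelectorAll("*") : [])];
  return els.map(el => (el.tagName ? insecureUrl(el, baseHref) : null)).filter(Boolean);
}

// Browser wiring: check the page itself, the initial DOM, then every later change.
function watch(onInsecure) {
  const base = document.baseURI;
  if (new URL(base).protocol !== "https:") onInsecure([base]);
  const report = n => { const bad = scan(n, base); if (bad.length) onInsecure(bad); };
  report(document.documentElement);
  new MutationObserver(records => {
    for (const r of records) {
      if (r.type === "attributes") report(r.target);
      else r.addedNodes.forEach(n => { if (n.nodeType === 1) report(n); });
    }
  }).observe(document.documentElement, { childList: true, subtree: true,
    attributes: true, attributeFilter: ["src", "href", "data"] });
}
```

Protocol-relative URLs such as //cdn.example/a.js resolve against the
page's own scheme, so they are flagged only when the page itself is
not served over HTTPS.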

Suggestions and improvements are welcome.