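/**
 * secureJS: an in-page tripwire that tears the page down when the document,
 * a <script src> or a <link href> is not addressed over HTTPS.
 *
 * This check runs inside the page it is checking. If the document or this
 * script is delivered over plaintext HTTP, it can be altered or removed in
 * transit, so treat it as a diagnostic. Enforcement belongs in response
 * headers: Strict-Transport-Security, and a Content-Security-Policy such as
 * `upgrade-insecure-requests`.
 */
(function() {
  var secureJS = {
    /**
     * Stop loading, tell the user, navigate away and abort the current script.
     * Always throws, so nothing after the call site runs.
     */
    destroyPage: function() {
      // Disarm further checks so the alert/redirect below runs only once,
      // even though the listeners and the timer stay registered.
      this.checkAndDestroy = function() {};
      if (window.stop) {
        window.stop();
      }
      //TODO: Figure out how to halt all existing concurrent and async scripts, and clear all timers.
      alert("This is a nasty alert box. Aren't JavaScript alerts so 1995? Yes, and so is plaintext HTTP.\n\nYou screwed up; your page isn't secure. Get it together. Fix things.");
      window.location = "https://en.wikipedia.org/wiki/HTTP_Secure";
      throw new Error("Insecure site.");
    },

    /**
     * @returns {boolean} true when the document itself was loaded over HTTPS.
     */
    checkPageProtocol: function() {
      return window.location.protocol === "https:";
    },

    /**
     * Check one URL-bearing attribute on every element of a collection.
     *
     * @param {HTMLCollection|NodeList|Array} collection - elements to inspect.
     * @param {string} attribute - attribute holding the URL ("src", "href").
     * @returns {boolean} false as soon as one value carries an explicit
     *   scheme other than https; true otherwise. Elements without the
     *   attribute, and relative or scheme-relative values, are accepted
     *   because they inherit the page's protocol, which is checked separately.
     */
    checkCollectionProtocol: function(collection, attribute) {
      for (var i = 0; i < collection.length; ++i) {
        var value = collection[i].getAttribute(attribute);
        if (value === null) {
          continue;
        }

        // I actually have never read the URI RFC, so I'm sure there are special
        // cases that really should be taken into account that I neglect here.
        //TODO: Don't be a fool; do this properly.
        // NOTE(review): this is a string heuristic, not the browser's URL
        // parser, so values the browser normalises before fetching may be
        // judged differently here. Resolving the value against
        // document.baseURI and comparing the resulting protocol would close
        // that gap.
        var firstSlash = value.indexOf("/");
        // Was indexOf("/") (copy-paste slip): a relative URL with "://" in
        // its query string, e.g. "a.js?u=http://x", was treated as absolute.
        var firstDot = value.indexOf(".");
        var protocolDelim = value.indexOf("://");

        // "://" counts as a scheme delimiter only when it precedes every
        // slash and dot; otherwise it sits in the path or query of a
        // relative URL.
        var hasExplicitScheme = protocolDelim !== -1 &&
          (firstSlash === -1 || protocolDelim < firstSlash) &&
          (firstDot === -1 || protocolDelim < firstDot);

        // Compare the whole scheme, case-insensitively. The old prefix test
        // accepted any scheme that merely started with "https" and rejected
        // "HTTPS://".
        if (hasExplicitScheme &&
            value.substring(0, protocolDelim).toLowerCase() !== "https") {
          return false;
        }
      }
      return true;
    },

    /**
     * @returns {boolean} true when the page and every script/link URL found
     *   in the document at this moment pass the HTTPS checks.
     */
    isPageSecure: function() {
      return this.checkPageProtocol() &&
        this.checkCollectionProtocol(document.getElementsByTagName("script"), "src") &&
        // <link> keeps its URL in "href"; "rel" only names the relation, so
        // checking it never flagged anything. This covers every <link>,
        // whatever its rel value.
        this.checkCollectionProtocol(document.getElementsByTagName("link"), "href");
      //TODO: What else is missing here? Embeds, objects, applets, probably a bunch of other info leaks.
      // It might be nice to check that document.cookie is empty too, to check enforcement of httpOnly flag.
    },

    /**
     * Run the checks and destroy the page on the first failure.
     */
    checkAndDestroy: function() {
      if (!this.isPageSecure()) {
        this.destroyPage();
      }
    }
  };

  var recheck = function() {
    secureJS.checkAndDestroy();
  };

  // DOMContentLoaded was registered twice in the original; once is enough.
  // The other names are legacy Mutation Events, which are deprecated and may
  // not be dispatched by current browsers.
  var eventNames = [
    "DOMContentLoaded",
    "DOMNodeInserted",
    "DOMNodeInsertedIntoDocument",
    "DOMAttrModified",
    "DOMElementNameChanged"
  ];
  for (var i = 0; i < eventNames.length; ++i) {
    document.addEventListener(eventNames[i], recheck, true);
  }

  // Where Mutation Events are gone, MutationObserver provides the same
  // "something changed, look again" signal. Feature-detected so older
  // browsers keep working with the listeners above.
  if (typeof MutationObserver === "function") {
    new MutationObserver(recheck).observe(document, {
      childList: true,
      subtree: true,
      attributes: true
    });
  }

  var timer = function() {
    secureJS.checkAndDestroy();
    //TODO: 500ms? Good? Bad? Polling this much or even at all isn't strictly necessary,
    // because of DOMNodeInserted, but just to be safe... What do you think?
    // If the check throws, this line is not reached and polling stops.
    window.setTimeout(timer, 500);
  };
  timer();
})();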