tollmanz / wordpress-https-mixed-content-detector

Monitor a WordPress site served over TLS for mixed content warnings

Detect mixed content when posts are saved #25

Open johnbillion opened 9 years ago

johnbillion commented 9 years ago

Scenario: I'm writing a post and embed some media from a non-secure resource. Although this mixed content will be reported once somebody views the post (either when it's previewed or after it's published), it would be handy if the mixed content was detected server-side when the post was saved, with an appropriate notice subsequently shown on the post editing screen.

This would allow editors to be alerted to mixed content in a post before it's published.

tollmanz commented 9 years ago

It's funny that you mention this. My original idea was to do exactly that. I later abandoned it for the more powerful CSP method. My thinking was that most people writing and preparing posts will preview the post before publishing, which will present a chance for CSP to catch the error; however, that's a very big assumption.

That said, I am not opposed to incorporating this into the process. I might even lean toward monitoring violations with JS as writers are preparing content. I think I would hold off logging the violations until the post is published, though, in order to reduce overall noise during the authoring process.

Are you aware of any plugins that do this type of monitoring of content while it is being produced? I'm mostly curious about how to produce an effective UX for such a feature.

johnbillion commented 9 years ago

After The Deadline (now merged into Jetpack) might be worth looking at.

Personally, I imagined it would run the check server-side, store the results in post meta, and present any violations in something that resembles a post updated message. The persistence means the violations can be viewed at any point.

Only problem is it would require a whole bunch of logic that would effectively be a reimplementation of the browser's CSP.

Another option might be to load the CSP beacon on the post editing screen too, and get it to pick up and report violations in the visual editor.
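
The server-side variant described in the comment above (check on save, store the results in post meta, show them as a notice), as an added example that is not code from the plugin or from anyone in this thread. The `mcd_*` function name and the `_mcd_insecure_urls` meta key are hypothetical, and it assumes the classic post editing screen, where `admin_notices` output is visible.

```php
<?php
// Added example; mcd_find_insecure_urls and _mcd_insecure_urls are hypothetical names.
// Scans literal HTML only: shortcodes, oEmbeds, srcset and CSS url() are not covered.
function mcd_find_insecure_urls( string $html ): array {
    // Subresource attributes only; <a href> is navigation, not mixed content.
    $attrs = array(
        'img' => array( 'src' ), 'script' => array( 'src' ), 'iframe' => array( 'src' ),
        'audio' => array( 'src' ), 'video' => array( 'src', 'poster' ),
        'source' => array( 'src' ), 'embed' => array( 'src' ), 'object' => array( 'data' ),
    );
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors( true ); // tolerate HTML5 tags and sloppy markup
    $doc->loadHTML( '<?xml encoding="utf-8"?><div>' . $html . '</div>' );
    libxml_clear_errors();
    libxml_use_internal_errors( $prev );
    $found = array();
    foreach ( $attrs as $tag => $names ) {
        foreach ( $doc->getElementsByTagName( $tag ) as $el ) {
            foreach ( $names as $name ) {
                $url = trim( $el->getAttribute( $name ) );
                if ( 0 === stripos( $url, 'http://' ) ) {
                    $found[] = array( 'tag' => $tag, 'url' => $url );
                }
            }
        }
    }
    return $found;
}

if ( function_exists( 'add_action' ) ) { // running inside WordPress
    add_action( 'save_post', function ( $post_id, $post ) {
        if ( wp_is_post_revision( $post_id ) || wp_is_post_autosave( $post_id ) ) {
            return;
        }
        $hits = mcd_find_insecure_urls( $post->post_content );
        if ( $hits ) {
            update_post_meta( $post_id, '_mcd_insecure_urls', wp_slash( $hits ) );
        } else {
            delete_post_meta( $post_id, '_mcd_insecure_urls' ); // content is clean again
        }
    }, 10, 2 );
    add_action( 'admin_notices', function () {
        $screen = get_current_screen();
        $post   = get_post();
        if ( ! $screen || 'post' !== $screen->base || ! $post ) {
            return;
        }
        $hits = get_post_meta( $post->ID, '_mcd_insecure_urls', true );
        foreach ( $hits ?: array() as $hit ) {
            printf( '<div class="notice notice-warning"><p>Insecure &lt;%s&gt; resource: %s</p></div>', esc_html( $hit['tag'] ), esc_html( $hit['url'] ) );
        }
    } );
} else { // plain PHP CLI run on a constructed sample
    print_r( mcd_find_insecure_urls( '<img src="http://example.com/a.png"><a href="http://example.com/">link</a>' ) );
}
```

The fixed tag and attribute list is a narrow stand-in for the browser's own mixed content logic, which is the reimplementation cost raised in the comment above.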