Tracker link: MDL-46269
Security and privacy
HTTP to HTTPS converter for external content
Personally I think the "new content" issue should be resolved in the editor on saving content - it would be nice if it could do an automatic check and fix anything it can fix automatically and then warn the user perform some validation to report to the user that to embed the content they must find an https link.
Then we can just use an admin tool to fix "existing" content and don't need to rely on a filter that adds performance overheads to the site.
Yeah the filter is added overhead. Then again, if we don't implement a filter, we will need the admin tool to run during upgrade, then again once the admin finishes putting together their whitelist.
The filter would work nicely for existing content, allowing the admin to locate items that don't work and gradually add them to the whitelist, without having to run the tool each time.