I don't understand force https option


Post by anthoy »

Source: NoScript FAQ:

"...In order to mitigate these issues, NoScript can be configured to honor your whitelist only if the current page is served through HTTPS, and therefore cannot be spoofed...."

Where is this whitelist?

Q: How can I tell NoScript to allow only the sites of my whitelist which are served through HTTPS?
A: Open NoScript Options|Advanced|HTTPS|Behavior, click under Forbid active web content unless it comes from a secure (HTTPS) connection and choose one among:

1. Never - every site matching your whitelist gets allowed to run active content.
2. When using a proxy (recommended with Tor) - only whitelisted sites which are being served through HTTPS are allowed when coming through a proxy. This way, even if an evil node in your proxy chain manages to spoof a site in your whitelist, it won't be allowed to run active content anyway.
3. Always - no page loaded by a plain HTTP or FTP connection is allowed.

If I set Always and then go to this site, Firefox warns me about unencrypted information. But should NoScript block the unencrypted content?

Can someone explain this option to me?

Thanks
Last edited by anthoy on Thu Jul 09, 2009 5:11 pm, edited 1 time in total.

Post by therube »

I get a broken https: icon without forcing anything, so guessing something is broken in general with that site?

Post by Giorgio Maone »

The option you're talking about says "Forbid active content unless it comes from a HTTP connection".
It means that your usual NoScript whitelist (the one in NoScript Options|Whitelist) is filtered on the fly, letting scripts, Flash and other active content (according to your NoScript Options|Plugins) run only if coming from a secure connection.

"Force HTTPS" is a different option: you've got two boxes where you can put the sites you want to be automatically redirected to HTTPS if Firefox tries to connect via plain HTTP, and exceptions to this rule.
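
The two settings discussed in this thread, modelled side by side as an added example (not NoScript's own code, and not part of any post above). All function and constant names are hypothetical, and host-suffix matching of list entries is an assumption made for the sketch.

```javascript
// Illustrative model only; none of these names come from NoScript.
const HttpsOnly = Object.freeze({ NEVER: "never", PROXY: "proxy", ALWAYS: "always" });

// Assumption: list entries are bare host names that match the host or any subdomain.
function hostMatches(host, entries) {
  return entries.some((e) => host === e || host.endsWith("." + e));
}

// Setting 1: "Forbid active web content unless it comes from a secure (HTTPS) connection".
// The whitelist is filtered on the fly; a whitelisted origin may still be refused.
function activeContentAllowed(url, whitelist, mode, usingProxy) {
  const u = new URL(url);
  if (!hostMatches(u.hostname, whitelist)) return false; // never whitelisted at all
  const secure = u.protocol === "https:";                // plain HTTP and FTP are not secure
  switch (mode) {
    case HttpsOnly.NEVER:  return true;                  // whitelist honored as-is
    case HttpsOnly.PROXY:  return secure || !usingProxy; // HTTPS required only behind a proxy
    case HttpsOnly.ALWAYS: return secure;                // HTTPS required everywhere
    default: throw new Error("unknown mode: " + mode);
  }
}

// Setting 2: "Force HTTPS". Two lists: hosts to upgrade, and exceptions to that rule.
// This rewrites the request URL; it does not decide whether scripts may run.
function forceHttps(url, forced, exceptions) {
  const u = new URL(url);
  if (u.protocol !== "http:") return url;                // only plain HTTP is upgraded
  if (!hostMatches(u.hostname, forced)) return url;
  if (hostMatches(u.hostname, exceptions)) return url;
  u.protocol = "https:";
  return u.href;
}

// Constructed sample data.
const whitelist = ["bank.example"];
console.log(activeContentAllowed("http://bank.example/app.js", whitelist, HttpsOnly.ALWAYS, false));
console.log(forceHttps("http://bank.example/login", ["bank.example"], ["static.bank.example"]));
```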