Bug Tracker

Ticket #2701 (closed bug: wontfix)

Opened 6 years ago

Last modified 2 years ago

Security warning message with effect "show" on https

Reported by: jay
Owned by: aflesler
Priority: minor
Milestone: 1.2.4
Component: effects
Version: 1.2.3
Keywords: show iframe https SSL
Cc:
Blocking:
Blocked by:

Description

A security warning message occurs if you use the effect "show" on an iframe with Internet Explorer AND https.

Indeed, as mentioned in http://support.microsoft.com/default.aspx?scid=kb;en-us;261188, IE 6 displays the message "This page contains both secure and nonsecure items." if an iframe does not contain a src attribute through SSL. src="javascript:void(0)" removes the problem.

Fix (fast, but it works on IE6): replace the line:

    var elem = jQuery("<" + this.tagName + " />").appendTo("body");

By:

    if (this.tagName == 'IFRAME') {
        var elem = jQuery("<" + this.tagName + " src=\"javascript:void(0)\"/>").appendTo("body");
    } else {
        var elem = jQuery("<" + this.tagName + " />").appendTo("body");
    }

Change History

comment:1 Changed 6 years ago by jay

My fix works fine with IE6-SP1 but does not with IE6-SP2. Using src="javascript:" instead of src="javascript:void(0)" resolves the problem:

    if (this.tagName == 'IFRAME') {
        var elem = jQuery("<" + this.tagName + " src=\"javascript:\"/>").appendTo("body");
    } else {
        var elem = jQuery("<" + this.tagName + " />").appendTo("body");
    }

Note: Microsoft advises pointing the iframe to a dummy HTML page, but that implies adding an empty page to jQuery.

comment:2 Changed 6 years ago by dmethvin

  • Owner set to aflesler
  • Priority changed from major to minor

Since this problem is for a relatively obscure case on an old browser, it seems like the best solution is to code the workaround outside jQuery as you describe above.

comment:3 Changed 4 years ago by dmethvin

  • Status changed from new to closed
  • Resolution set to wontfix
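
In the spirit of the outside-jQuery workaround suggested in comment:2, the following is an added example, not part of the ticket or of jQuery: it scans page markup for iframes that the ticket says trigger the IE6 warning on https. The function names, issue labels and sample markup are constructed for illustration.

```javascript
// Added example (not jQuery code). Rules come from the ticket text only:
//  - an iframe with no src on an https page triggers the IE6 warning
//  - src="javascript:void(0)" was reported to fail on IE6-SP2; src="javascript:" resolved it
// http: sources are flagged as ordinary mixed content.
// The regex tag scan is a simplification for review scripts, not an HTML parser.

function readAttr(tag, name) {
  // Matches name="v", name='v' or name=v; returns null when the attribute is absent.
  const re = new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  if (!m) return null;
  return m[1] !== undefined ? m[1] : m[2] !== undefined ? m[2] : m[3];
}

function classifySrc(src) {
  if (src === null || src.trim() === "") return "missing-src";
  const value = src.trim().toLowerCase();
  if (value.startsWith("http://")) return "http-src";
  if (value.replace(/\s+/g, "") === "javascript:void(0)") return "void0-placeholder";
  return null; // https:, relative URLs and "javascript:" are not flagged
}

function auditIframes(html) {
  const findings = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const issue = classifySrc(readAttr(m[0], "src"));
    if (issue) findings.push({ tag: m[0], offset: m.index, issue });
  }
  return findings;
}

// Constructed sample markup for a page served over https.
const SAMPLE = [
  '<iframe id="a"></iframe>',
  '<iframe id="b" src="javascript:void(0)"></iframe>',
  '<iframe id="c" src="javascript:"></iframe>',
  '<iframe id="d" src="http://example.com/ad.html"></iframe>',
  '<iframe id="e" src="/blank.html"></iframe>',
  "<IFRAME id='f' SRC=''></IFRAME>",
].join("\n");

console.log(auditIframes(SAMPLE).map(f => f.issue + " @" + f.offset));
```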