Security warning message with effect "show" on https

[jay]

A security warning message occurs if you use the effect "show" on an iframe with Internet Explorer AND https.

Indeed, as mention in  http://support.microsoft.com/default.aspx?scid=kb;en-us;261188, IE 6 displays the message "This page contains both secure and nonsecure items." if an iframe does not contain a src attribute through SSL. src="javascript:void(0)" removes the problem.

Fix (fast, but it works on ie6) : Replace the line :

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

By :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\"javascript:void(0)\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

[jay]

My fix works fine with IE6-SP1 but does not with IE6-SP2. Using src="javascript:" instead of src="javascript:void(0)" resolves the problem :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\"javascript:\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

Note : Microsoft advises to point the iframe to a dummy html page, but it implies to add an empty page to jQuery.

[dmethvin]

Since this problem is for a relatively obscure case on an old browser, it seems like the best solution is to code the workaround outside jQuery as you describe above.