Bug Tracker

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#11928 closed bug (duplicate)

IE6/IE7 security warning when using $.get() to add HTML content with inline CSS background img rules

Reported by: tuomas.salo@… Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 1.7.2
Keywords: Cc:
Blocked by: Blocking:

Description

When using $.get(...) to add content to an HTTPS page, IE7 gives a false security warning if the content HTML includes an inline CSS rule that loads a background image with a relative url.

Affected browsers: IE6, IE7.

Test case: https://venko.net/testing/ie7-test.html

jQuery versions: at least v1.7.2 and a recent git copy (v1.8.0pre).

What happened: when I clicked the text, IE loaded the image AND displayed the warning ("this page contains both...").

What I expected to happen: Load the image, no security warning.

This bug might not be worth fixing in jQuery (or even possible), but I did notice that the same doesn't happen with $(selector).load(...).

Possible workarounds:

  • use absolute urls
  • use external stylesheets
  • use $(selector).load(...) or another method

Change History (3)

comment:1 Changed 7 years ago by dmethvin

Resolution: duplicate
Status: newclosed

comment:2 Changed 7 years ago by dmethvin

Duplicate of #11600.

comment:3 Changed 7 years ago by tuomas.salo@…

I'm not sure whether this is a duplicate of #11600.

This bug is showing on IE6/IE7, while #11600 is reportedly showing on IE7/IE8. (This might also be OS dependent, so might need more testing.)

#11600 is about using $(selector).load(url, selector), while I'm using $.get(...).

If I have time, I'll try to reproduce this bug with $(selector).load(url, selector) and add a link to a test case.

Note: See TracTickets for help on using tickets.