Bug Tracker

Opened 15 years ago

Closed 12 years ago

Last modified 11 years ago

#2701 closed bug (wontfix)

Security warning message with effect "show" on https

Reported by: jay Owned by: aflesler
Priority: minor Milestone: 1.2.4
Component: effects Version: 1.2.3
Keywords: show iframe https SSL Cc:
Blocked by: Blocking:

Description

A security warning message occurs if you use the effect "show" on an iframe with Internet Explorer AND https.

Indeed, as mention in http://support.microsoft.com/default.aspx?scid=kb;en-us;261188, IE 6 displays the message "This page contains both secure and nonsecure items." if an iframe does not contain a src attribute through SSL. src="javascript:void(0)" removes the problem.

Fix (fast, but it works on ie6) : Replace the line :

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

By :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\"javascript:void(0)\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

Change History (3)

comment:1 Changed 15 years ago by jay

My fix works fine with IE6-SP1 but does not with IE6-SP2. Using src="javascript:" instead of src="javascript:void(0)" resolves the problem :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\"javascript:\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

Note : Microsoft advises to point the iframe to a dummy html page, but it implies to add an empty page to jQuery.

comment:2 Changed 14 years ago by dmethvin

Owner: set to aflesler
Priority: majorminor

Since this problem is for a relatively obscure case on an old browser, it seems like the best solution is to code the workaround outside jQuery as you describe above.

comment:3 Changed 12 years ago by dmethvin

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.