Skip to main content

Bug Tracker

Side navigation

#2701 closed bug (wontfix)

Opened April 17, 2008 07:09AM UTC

Closed November 14, 2010 02:11PM UTC

Last modified March 15, 2012 09:12AM UTC

Security warning message with effect "show" on https

Reported by: jay Owned by: aflesler
Priority: minor Milestone: 1.2.4
Component: effects Version: 1.2.3
Keywords: show iframe https SSL Cc:
Blocked by: Blocking:
Description

A security warning message occurs if you use the effect "show" on an iframe with Internet Explorer AND https.

Indeed, as mention in http://support.microsoft.com/default.aspx?scid=kb;en-us;261188, IE 6 displays the message "This page contains both secure and nonsecure items." if an iframe does not contain a src attribute through SSL. src="javascript:void(0)" removes the problem.

Fix (fast, but it works on ie6) :

Replace the line :

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

By :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\\"javascript:void(0)\\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

Attachments (0)
Change History (3)

Changed April 21, 2008 02:15PM UTC by jay comment:1

My fix works fine with IE6-SP1 but does not with IE6-SP2. Using src="javascript:''" instead of src="javascript:void(0)" resolves the problem :

if (this.tagName == 'IFRAME') {

var elem = jQuery("<" + this.tagName + " src=\\"javascript:''\\"/>").appendTo("body");

} else {

var elem = jQuery("<" + this.tagName + " />").appendTo("body");

}

Note : Microsoft advises to point the iframe to a dummy html page, but it implies to add an empty page to jQuery.

Changed January 11, 2009 03:01AM UTC by dmethvin comment:2

owner: → aflesler
priority: majorminor

Since this problem is for a relatively obscure case on an old browser, it seems like the best solution is to code the workaround outside jQuery as you describe above.

Changed November 14, 2010 02:11PM UTC by dmethvin comment:3

resolution: → wontfix
status: newclosed