#2701 closed bug (wontfix)
Security warning message with effect "show" on https
| Reported by: | jay | Owned by: | aflesler |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.2.4 |
| Component: | effects | Version: | 1.2.3 |
| Keywords: | show iframe https SSL | Cc: | |
| Blocked by: | Blocking: |
Description
A security warning message occurs if you use the effect "show" on an iframe with Internet Explorer AND https.
Indeed, as mention in http://support.microsoft.com/default.aspx?scid=kb;en-us;261188, IE 6 displays the message "This page contains both secure and nonsecure items." if an iframe does not contain a src attribute through SSL. src="javascript:void(0)" removes the problem.
Fix (fast, but it works on ie6) : Replace the line :
var elem = jQuery("<" + this.tagName + " />").appendTo("body");
By :
if (this.tagName == 'IFRAME') {
var elem = jQuery("<" + this.tagName + " src=\"javascript:void(0)\"/>").appendTo("body");
} else {
var elem = jQuery("<" + this.tagName + " />").appendTo("body");
}
Change History (3)
comment:1 Changed 15 years ago by
comment:2 Changed 14 years ago by
| Owner: | set to aflesler |
|---|---|
| Priority: | major → minor |
Since this problem is for a relatively obscure case on an old browser, it seems like the best solution is to code the workaround outside jQuery as you describe above.
comment:3 Changed 12 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
My fix works fine with IE6-SP1 but does not with IE6-SP2. Using src="javascript:" instead of src="javascript:void(0)" resolves the problem :
if (this.tagName == 'IFRAME') {
} else {
}
Note : Microsoft advises to point the iframe to a dummy html page, but it implies to add an empty page to jQuery.