Ticket #1920 (closed Bug: fixed)

Opened 3 months ago

Last modified 2 months ago

Warning messages upon opening some dialogs in IE under HTTPS

Reported by: martinkou Assigned to: martinkou
Priority: Normal Milestone: FCKeditor 2.6
Component: UI : Dialogs Version: SVN
Keywords: Confirmed IE Review+ Cc:

Description

Reproduction procedure:

  1. Open sample01.html in IE6 or 7 under HTTPS and domain relaxation mode.
  2. Open the image dialog, or the flash dialog, or the image button dialog.
  3. Warning message about unsafe contents.

Attachments

1920.patch (3.0 kB) - added by martinkou on 03/06/08 09:09:46.
1920_2.patch (2.9 kB) - added by martinkou on 03/10/08 07:28:32.

Change History

02/28/08 08:12:51 changed by martinkou

  • owner changed.
  • component changed from General to UI : Dialogs.

02/28/08 11:37:34 changed by w.olchawa

  • cc deleted.
  • keywords set to Confirmed IE.

Just moved the keywords to "Keywords Filed"

03/06/08 07:32:11 changed by martinkou

  • owner set to martinkou.
  • status changed from new to assigned.

Thanks ;)

Sometimes I'm just too sleepy filling those fields.

03/06/08 07:43:06 changed by martinkou

  • summary changed from Warning messages upon opening some dialogs in IE under HTTPS and domain relaxation mode to Warning messages upon opening some dialogs in IE under HTTPS.

Domain relaxation is not needed, the bug can be reproduced without domain relaxation. Simply HTTPS would trigger the bug.

03/06/08 09:09:46 changed by martinkou

  • attachment 1920.patch added.

03/06/08 09:10:00 changed by martinkou

  • keywords changed from Confirmed IE to Confirmed IE Review?.

03/07/08 10:23:53 changed by fredck

  • keywords changed from Confirmed IE Review? to Confirmed IE Review-.

I'm not able to reproduce this problem with the Flash dialog (with or without domain relaxation). It seems related to the Image dialog exclusively, due to the <img src="javascript:void(0)">

Applying the proposed fix to the image removes the warning, but it's a regression to a previous problem. The browser makes a request for the image to "editor/dialog/fck_image/".

I have the impression that removing the "src" attribute completely from the source would fix it properly, but it has to be well tested across all browsers to be sure nothing get broken.

03/10/08 07:01:02 changed by martinkou

The warning in the Flash dialog appears in IE6 only (even for the IE6 in Multiple IE), it doesn't appear in IE7.

03/10/08 07:28:18 changed by martinkou

  • keywords changed from Confirmed IE Review- to Confirmed IE Review?.

Confirmed deleting the "src" attribute eliminates the security warning on both IE6 and IE7.

The fix for the iframe in the Flash dialog is still needed though, as the original iframe code (even without a src attribute) triggers security warning in IE6.

I'm proposing a new patch with the fixed <img> tag.

03/10/08 07:28:32 changed by martinkou

  • attachment 1920_2.patch added.

03/13/08 11:18:12 changed by fredck

  • keywords changed from Confirmed IE Review? to Confirmed IE Review+.

03/13/08 11:24:53 changed by martinkou

  • status changed from assigned to closed.
  • resolution set to fixed.

Fixed with [1689].

Click here for more info about our SVN system.