You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by RR <se...@gmail.com> on 2005/09/15 23:42:16 UTC
Re: DatePicker security warning in IE with SSL connection RESOLVED
Thanks to this thread,
http://thread.gmane.org/gmane.comp.java.tapestry.user/13528, I have changed
DatePicker.js:
(previous line)
underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\"
frameborder=\"0\"></iframe>";
(new code)
underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\"
frameborder=\"0\" src=\"https:\"> </iframe>";
Works wonderfully.
On 9/15/05, RR <se...@gmail.com> wrote:
>
>
> >opening the DatePicker window yields a security warning in Internet
> >Explorer when using an SSL connection. The message is the infamous "This
> >page contains both *
> secure* and non*secure* *items*. Do you want to display
> >the non*
> secure* *items*?".
> http://article.gmane.org/gmane.comp.java.tapestry.user/7271/match=+secure+items
>
>
> In Tapestry 3 I'm having the same problem as above -- wondering if anyone
> else has experienced it and found a solution? This thread is old and I
> haven't found anything else related.
>
> What I've tried (and without resolution):
>
> 1)added my cert as a trusted cert
> 2)changed the component render to place an onclick in the image instead of
> wrapping it as an anchor
> 3)explicitly added "https:" in front of the rendered src attribute on the
> img.
>
> Any other ideas out there?
>
>
>
>
Re: DatePicker security warning in IE with SSL connection RESOLVED
Posted by RR <se...@gmail.com>.
Branding myself a hasty hoser, the previously posted code did not work (my
test page was cached with a previous attempt).
So, for real this time, the fix is: commenting out that line of code for
generating the IFrame. Of course, if you have a dropdown underneath it then
you'll probably want it, but that's a tradeoff explicitly awaiting IE
developers. This fix is quick and dirty, but it works for me since we don't
have any Selects near DatePickers.
http://support.microsoft.com/default.aspx?scid=kb;en-us;177378
" However, IFRAME tries to draw on top of *SELECT* because it is last in the
order. To prevent this, the value of the *SELECT* element's *z-index* must
be greater than that of the IFRAME, or the *SELECT* element must be last in
the list to ensure that the element always draws on top of the IFRAME when
the z-indexes are the same. Because of this, z-indexing similar content can
be difficult."
IFrame security covered here (Dec 04, which explains why the DatePicker was
working fine in IE last year at this time):
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Hopefully I'm done with this topic, apologies for the repeated posts,
-RR-
On 9/15/05, RR <se...@gmail.com> wrote:
>
> Thanks to this thread,
> http://thread.gmane.org/gmane.comp.java.tapestry.user/13528, I have
> changed DatePicker.js:
>
> (previous line)
> underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\"
> frameborder=\"0\"></iframe>";
>
> (new code)
> underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\"
> frameborder=\"0\" src=\"https:\"> </iframe>";
>
> Works wonderfully.
>
> On 9/15/05, RR <se...@gmail.com> wrote:
> >
> >
> > >opening the DatePicker window yields a security warning in Internet
> > >Explorer when using an SSL connection. The message is the infamous "This
> > >page contains both *
> > secure* and non*secure* *items*. Do you want to display
> > >the non*
> > secure* *items*?".
> >
> > http://article.gmane.org/gmane.comp.java.tapestry.user/7271/match=+secure+items
> >
> >
> > In Tapestry 3 I'm having the same problem as above -- wondering if
> > anyone else has experienced it and found a solution? This thread is old and
> > I haven't found anything else related.
> >
> > What I've tried (and without resolution):
> >
> > 1)added my cert as a trusted cert
> > 2)changed the component render to place an onclick in the image instead
> > of wrapping it as an anchor
> > 3)explicitly added "https:" in front of the rendered src attribute on
> > the img.
> >
> > Any other ideas out there?
> >
> >
> >
> >
>