Re: DatePicker security warning in IE with SSL connection RESOLVED

[RR <se...@gmail.com>]

Thanks to this thread, 
http://thread.gmane.org/gmane.comp.java.tapestry.user/13528, I have changed 
DatePicker.js:

(previous line) 
underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\" 
frameborder=\"0\"></iframe>";

(new code)
underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\" 
frameborder=\"0\" src=\"https:\"> </iframe>";

Works wonderfully.

On 9/15/05, RR <se...@gmail.com> wrote:
> 
> 
> >opening the DatePicker window yields a security warning in Internet
> >Explorer when using an SSL connection. The message is the infamous "This
> >page contains both *
> secure* and non*secure* *items*. Do you want to display
> >the non*
> secure* *items*?".
> http://article.gmane.org/gmane.comp.java.tapestry.user/7271/match=+secure+items
> 
> 
> In Tapestry 3 I'm having the same problem as above -- wondering if anyone 
> else has experienced it and found a solution? This thread is old and I 
> haven't found anything else related. 
> 
> What I've tried (and without resolution):
> 
> 1)added my cert as a trusted cert
> 2)changed the component render to place an onclick in the image instead of 
> wrapping it as an anchor
> 3)explicitly added "https:" in front of the rendered src attribute on the 
> img.
> 
> Any other ideas out there?
> 
> 
> 
>

Re: DatePicker security warning in IE with SSL connection RESOLVED

[RR <se...@gmail.com>]

Branding myself a hasty hoser, the previously posted code did not work (my 
test page was cached with a previous attempt).

So, for real this time, the fix is: commenting out that line of code for 
generating the IFrame. Of course, if you have a dropdown underneath it then 
you'll probably want it, but that's a tradeoff explicitly awaiting IE 
developers. This fix is quick and dirty, but it works for me since we don't 
have any Selects near DatePickers.

http://support.microsoft.com/default.aspx?scid=kb;en-us;177378
" However, IFRAME tries to draw on top of *SELECT* because it is last in the 
order. To prevent this, the value of the *SELECT* element's *z-index* must 
be greater than that of the IFRAME, or the *SELECT* element must be last in 
the list to ensure that the element always draws on top of the IFRAME when 
the z-indexes are the same. Because of this, z-indexing similar content can 
be difficult."

IFrame security covered here (Dec 04, which explains why the DatePicker was 
working fine in IE last year at this time):
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

Hopefully I'm done with this topic, apologies for the repeated posts,
-RR-

On 9/15/05, RR <se...@gmail.com> wrote:
> 
> Thanks to this thread, 
> http://thread.gmane.org/gmane.comp.java.tapestry.user/13528, I have 
> changed DatePicker.js:
> 
> (previous line) 
> underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\" 
> frameborder=\"0\"></iframe>";
> 
> (new code)
> underDiv.innerHTML = "<iframe width=\"100%\" height=\"100%\" 
> frameborder=\"0\" src=\"https:\"> </iframe>";
> 
> Works wonderfully.
> 
> On 9/15/05, RR <se...@gmail.com> wrote:
> > 
> > 
> > >opening the DatePicker window yields a security warning in Internet
> > >Explorer when using an SSL connection. The message is the infamous "This
> > >page contains both *
> > secure* and non*secure* *items*. Do you want to display
> > >the non*
> > secure* *items*?".
> > 
> > http://article.gmane.org/gmane.comp.java.tapestry.user/7271/match=+secure+items
> > 
> > 
> > In Tapestry 3 I'm having the same problem as above -- wondering if 
> > anyone else has experienced it and found a solution? This thread is old and 
> > I haven't found anything else related. 
> > 
> > What I've tried (and without resolution):
> > 
> > 1)added my cert as a trusted cert
> > 2)changed the component render to place an onclick in the image instead 
> > of wrapping it as an anchor
> > 3)explicitly added "https:" in front of the rendered src attribute on 
> > the img.
> > 
> > Any other ideas out there?
> > 
> > 
> > 
> > 
>