You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Matej Knopp (JIRA)" <ji...@apache.org> on 2007/12/13 02:20:43 UTC

[jira] Resolved: (WICKET-855) ModalWindow makes Internet Explorer 6 show an security warning dialog

     [ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matej Knopp resolved WICKET-855.
--------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 1.3.0-rc1)
                   1.3.0-rc2

> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
>                 Key: WICKET-855
>                 URL: https://issues.apache.org/jira/browse/WICKET-855
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-extensions
>         Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
>            Reporter: Peter Ertl
>            Assignee: Matej Knopp
>            Priority: Critical
>             Fix For: 1.3.0-rc2
>
>
> When showing an
>    org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute. 
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
>   change line 1062 from:
>      "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
>   to
>      "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
>  ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.