You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Matej Knopp (JIRA)" <ji...@apache.org> on 2007/12/13 02:20:43 UTC
[jira] Resolved: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp resolved WICKET-855.
--------------------------------
Resolution: Fixed
Fix Version/s: (was: 1.3.0-rc1)
1.3.0-rc2
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc2
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.