You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Peter Ertl (JIRA)" <ji...@apache.org> on 2007/08/17 13:32:33 UTC
[jira] Created: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
ModalWindow makes Internet Explorer 6 show an security warning dialog
---------------------------------------------------------------------
Key: WICKET-855
URL: https://issues.apache.org/jira/browse/WICKET-855
Project: Wicket
Issue Type: Bug
Components: wicket-extensions
Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
Reporter: Peter Ertl
Priority: Critical
When showing an
org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
Despite the complex nature of the bug the fix is relatively easy...
[org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
change line 1062 from:
"<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
to
"<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
The reason for using an obscure url like
://0
is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Alastair Maw (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alastair Maw reassigned WICKET-855:
-----------------------------------
Assignee: Alastair Maw
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp resolved WICKET-855.
--------------------------------
Resolution: Fixed
Fix Version/s: (was: 1.3.0-rc1)
1.3.0-rc2
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc2
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Peter Ertl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523602 ]
Peter Ertl commented on WICKET-855:
-----------------------------------
What version of Explorer are you using?
can you locate an entry in regedit for GUID = 7B206F1C88-CAC3-4131-BBC0-7C7F5260F7F7 ...?
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Alex Burgel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12545692 ]
Alex Burgel commented on WICKET-855:
------------------------------------
it looks like your fix for this issue didn't make it into rc1. thats what threw me off. (the "Fix version" field should probably be updated.)
i will try the newer version of modal.js tomorrow to see if it fixes my problem.
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc1
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12545684 ]
Matej Knopp commented on WICKET-855:
------------------------------------
That is really weird, did you clear your browser cache?
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc1
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp reassigned WICKET-855:
----------------------------------
Assignee: Matej Knopp (was: Alastair Maw)
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-beta5
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12531331 ]
Matej Knopp commented on WICKET-855:
------------------------------------
Actually, current at wicket-event.js, we used to have problems with ://. Currently for https wicket-event uses //: ('\/\/:' escaped), which seems to work fine with IE6/https, at least noone complains. perhaps the same thing would work for this iframe.
(the entire snippet is var src = (window.location.protocol == 'https:') ? '\/\/:' : 'javascript:void(0)'; )
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Chuck Deal (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523609 ]
Chuck Deal commented on WICKET-855:
-----------------------------------
IE6
No, I didn't find either guid when searching regedit (keys, values, or data). Neither did a coworker experieincing the same problem.
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Chuck Deal (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523293 ]
Chuck Deal commented on WICKET-855:
-----------------------------------
I don't know that this works like a charm just yet...
I think that wicket's relative URL code is somehow attaching the '://0' to the url which is causing errors on my page when displaying the ModalWindow. The ModalWindow renders fine, but then a request is sent for the containing page (the one where the ModalWindow is defined) with the '://0' appended to it. I believe that it is coming from this new src attribute.
13:37:25,954 ERROR RequestCycle:1240 - URL fragment has unmatched key/value pair: mode/UPDATE/uId/%7B206F1C88-CAC3-4131-BBC0-7C7F5260F7F7%7D/://0
java.lang.IllegalStateException: URL fragment has unmatched key/value pair: mode/UPDATE/uId/%7B206F1C88-CAC3-4131-BBC0-7C7F5260F7F7%7D/://0
at org.apache.wicket.request.target.coding.AbstractRequestTargetUrlCodingStrategy.decodeParameters(AbstractRequestTargetUrlCodingStrategy.java:174)
at org.apache.wicket.request.target.coding.PackageRequestTargetUrlCodingStrategy.decode(PackageRequestTargetUrlCodingStrategy.java:103)
at org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:384)
at org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(WebRequestCycleProcessor.java:175)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1078)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1164)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:486)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:268)
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:495)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Frank Bille Jensen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Frank Bille Jensen updated WICKET-855:
--------------------------------------
Fix Version/s: (was: 1.3.0-beta4)
1.3.0-beta5
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta5
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp resolved WICKET-855.
--------------------------------
Resolution: Fixed
Should be fixed, please reopen if the fix doesn't work
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-beta5
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Peter Ertl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12522186 ]
Peter Ertl commented on WICKET-855:
-----------------------------------
Thanks for the quick fix, too. Everything works like a charm now, even in stupid Explorer :-)
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Peter Ertl (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523604 ]
Peter Ertl commented on WICKET-855:
-----------------------------------
Sorry, I mean
206F1C88-CAC3-4131-BBC0-7C7F5260F7F7
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Alex Burgel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12545598 ]
Alex Burgel commented on WICKET-855:
------------------------------------
i'm still seeing the illegal state exception described by chuck above with rc1 in firefox 2.0.0.9 and ie 7.0.5730.11:
2007-11-26 14:33:32,350 ERROR RequestCycle - URL fragment has unmatched key/value pair: id/31721/://0
java.lang.IllegalStateException: URL fragment has unmatched key/value pair: id/31721/://0
at org.apache.wicket.request.target.coding.AbstractRequestTargetUrlCodingStrategy.decodeParameters(AbstractRequestTargetUrlCodingStrategy.java:174)
at org.apache.wicket.request.target.coding.PackageRequestTargetUrlCodingStrategy.decode(PackageRequestTargetUrlCodingStrategy.java:103)
at org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:475)
at org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(WebRequestCycleProcessor.java:175)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1152)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1248)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:489)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:343)
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc1
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Alastair Maw (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alastair Maw reopened WICKET-855:
---------------------------------
OK, will look into this one further. :(
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Alastair Maw (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alastair Maw resolved WICKET-855.
---------------------------------
Resolution: Fixed
Fixed in trunk. Thanks very much for the helpful spec and trace of the issue + fix.
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer
6 show an security warning dialog
Posted by "Alex Burgel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12545972 ]
Alex Burgel commented on WICKET-855:
------------------------------------
ok, that fixes it for me. so this issue will be resolved for rc2.
thanks.
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc1
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp reopened WICKET-855:
--------------------------------
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-rc1
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-855) ModalWindow makes Internet Explorer 6
show an security warning dialog
Posted by "Jean-Baptiste Quenot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Quenot updated WICKET-855:
----------------------------------------
Fix Version/s: 1.3.0-beta4
Looks reasonable to do for the next release
> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
> Key: WICKET-855
> URL: https://issues.apache.org/jira/browse/WICKET-855
> Project: Wicket
> Issue Type: Bug
> Components: wicket-extensions
> Environment: Internet Explorer 6 (probably similar on earlier versions), HTTPS
> Reporter: Peter Ertl
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> When showing an
> org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning about showing mixed secure and non-secure content. From the point of usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
> change line 1062 from:
> "<iframe frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> to
> "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
> ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively can't use ModalWindow in a secure professional environment) I would plead to integrate it before wicket-extensions-1.3 final.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.