Closed
Bug 177330
Opened 22 years ago
Closed 22 years ago
Security warning displayed (leaving an unencrypted page) when the document is created via JavaScript
Categories
(Core Graveyard :: Security: UI, defect, P3)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 155760
People
(Reporter: csmith, Assigned: ssaux)
References
Details
Attachments
(1 file)
(deleted),
text/plain
|
Details |
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
Users receive a security warning, "You are about to leave an encrypted page"
when a document is created via JavaScript.
In our application, we have a hidden frame that is used to create dynamic form
submissions to our server. The code is working fine, but every time we create
the document (on the client), the user receives the security warning listed
above.
I am not sure why this is the case since the document is created in the browser
and is never transmitted, etc.
Having the same options on in IE (show warning if leaving a secure page) does
not display the equivalent warning.
Reproducible: Always
Steps to Reproduce:
1. Enable the SSL warnings (loading, leaving a secure page)
2. Retrieve a page from a secure server that contains javascript that writes a
complete document (open, write, close).
3. Execute the script on the client.
Actual Results:
The security warning is displayed, "You are about to leave a secure page"
Expected Results:
Not shown a warning since the document has been completely created on the
client, thus nothing has been trasmitted allowing others to view it.
Reporter | ||
Comment 1•22 years ago
|
||
This file shows the secure warning when the link is clicked (the document is
dynamically written).
To show this, just put this page on a secure server. Retrieve the page via
Mozilla, and click the link. (Make sure you have the SSL warnings enabled)
Comment 2•22 years ago
|
||
To PSM. The problem is probably that we treat the about:blank load that happens
in there as insecure... we should special-case that.
Assignee: rogerl → ssaux
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → Client Library
Ever confirmed: true
OS: Windows 2000 → All
Product: Browser → PSM
QA Contact: pschwartau → junruh
Hardware: PC → All
Version: other → 2.1
*** Bug 165243 has been marked as a duplicate of this bug. ***
Comment 4•22 years ago
|
||
Confirming. In-house test site is https://pki.mcom.com/17730.html
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•