Closed Bug 144694 Opened 23 years ago Closed 23 years ago

SSL frameset: several reloads cause false warning about unencrypted content

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: Taneli.Waltari, Assigned: ssaux)

References

(
URL
)

Details

From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705) BuildID: 20020510 Reloading a frameset before the previous reload has completed causes a false warning about unencrypted content when using SSL. Reproducible: Always Steps to Reproduce: 1. Enable SSL server certificates on your web server 2. Crete this web page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html dir="ltr" lang="en" xmlns:v='urn:schemas-microsoft-com:vml'> <head> </head> <frameset ID='fsTop' rows='100,*' border='1' frameborder='1' framespacing='0' topmargin='0' leftmargin='0' marginheight='0' marginwidth='0'> <frame name='headerFrame' src='' scrolling='no' noresize border='1' frameborder='1' topmargin='0' leftmargin='0' marginheight='0' marginwidth='0'> <frame name='bodyFrame' src='' scrolling='no' noresize border='1' frameborder='1' topmargin='0' leftmargin='0' marginheight='0' marginwidth='0'> </frameset> </html> 3. Access the abowe created page using SSL 4. Hit reload button before the frameset has finished loading Actual Results: Security Warnining: "encrypted page contains some unencrypted content" This is as far from the truth as it can be. Expected Results: The warning should not be displayed
To PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → 2.1
Confirming. I've added an in-house test URL above.
URL: https://pki.mcom.com/deleteme.html
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Version: 2.1 → 2.3
This is probably the same bug, so here is another test case. If an IFRAME is deleted before it is finished loading, a window will come up complaining about an encrypted page containing unencrypted data. This works with Mozilla 0.9.9 on FreeBSD and Win2K, but it does not work in Mozilla 1.0RC3 at least on Win2K. An example (test.html): <html> <body onload="handle();"> <script language="JavaScript"> <!-- function handle() { ifr = document.getElementById("testFrame"); ifr.src = "https://example.com:443/body.html"; ifr.parentNode.removeChild(ifr); } // --> </script> <iframe id="testFrame"> </iframe> </body> </html> body.html: <body></body> It appears to only give this error if body.html has never been loaded before, probably due to a timing issue. This is better to test against since you do not have to get lucky with stopping the load. You just need to follow the following steps: 1. Clear the cache. A shift-reload does not cut it. 2. Make sure that the mixed content warning is enabled. 3. Load https://example.com/test.html.
I have uploaded both test cases to: https://www.kuix.de/misc/test32/test1.html https://www.kuix.de/misc/test32/test2.html I don't see any problems. We probably fixed all problems with the recent work to the lock icon tracking code, see bug 130949 and its blocker bugs.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Verified works for me.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.3 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.