296593 - When submiting a form over https connection the browser does not warn the user when the form is being processed on a non-encrypted site/url.

Status: RESOLVED WORKSFORME

(Firefox :: General, defect)

Description

[William Caban]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

Two bugs?

1) When submiting a form over https connection and the "action" of the form is
being carried by a second external site over a non-encrypted URL.

2) Firefox does not warn of unencrypted elements of an encrypted site.

Reproducible: Always

Steps to Reproduce:
Bug 1:
1. have a form on https://site1.com
2. setup the form to be processed by "http://site2.com" (action="http://site2.com")
3. submit the form at https://site1.com

Bug 2:
1. Have a https://site1.com/path/path/path/ with unencrypted elements
2. No warning from the browser
Actual Results:  
Bug 1:
no warning is given to the user that the processing is being carried by an
unencrypted site/url
Bug 2:
no warning is given to the user that some elements are not encrypted

Expected Results:  
Bug 1:
On these cases the browser should warn the user that even when the site is
encrypted their information is being sent over a clear/unencrypted site/url

Bug 2:
On these cases the browser should warn the user that even when the site is
encrypted some elements are not.


The first bug here, about the https with an unencrypted external site presented
here is also reproducible on Mozilla 1.7.6 (Linux). The second one is not.

Comment 1

[Daniel Veditz [:dveditz]]

Do you have a testcase for either bug? Bug 1 appears to work correctly when I
try it, and bug 2 appears to give the "Mixed" ssl icon appropriately.

Comment 2

[Jesse Ruderman]

No response from reporter, marking WFM.