Open Bug 489167 Opened 15 years ago Updated 1 year ago

Firefox erroneously reports connection partially encrypted on page with empty href attribute in link tag

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows Vista
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: steen, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; da; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; da; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

On an https connection, a visit to a page containing the HTML tag <link rel="stylesheet" type="text/css" href="" /> will trig a security error popup stating that elements on the web page are not encrypted. The pad lock image is broken, and the details reports, that the connection is only partially encrypted.

Reproducible: Always

Steps to Reproduce:
1. Put the HTML tag <link rel="stylesheet" type="text/css" href="" /> into an HTML page.
2. View the page over an https connection.
3. You should get the security warning.
Actual Results:  
I get a security warning.

Expected Results:  
There should be no security warning, since including the stylesheet with the filename "" is not a security risk.
this may be related.  Using FF/3.5.3 to get a frameset over an HTTPS connection.  One of the frames in the frameset has a "src" attribute with a value of "about:blank".

FF reports the frameset page as "partially encrypted"

BJ
Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.