Closed Bug 59637 Opened 21 years ago Closed 6 years ago

Give user the choice of seeing insecure content on a secure site

Categories

(Core Graveyard :: Security: UI, enhancement, P3)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: junruh, Unassigned)

References

(Depends on 1 open bug, )

Details

(Keywords: sec-want, Whiteboard: [sg:want P4])

1.) With IE5.5, visit the above url, a site with mixed content.
Note the security information dialog box. "This page contains both secure and 
nonsecure items. Do you want to display the nonsecure items?"
There is a yes and no box. Clicking yes displays everything, clicking no leaves 
the insecure frame blank.
I would like to see this feature in Netscape 6.
changing QA contact to junruh@netscape.com
QA Contact: nitinp → junruh
Changing product from Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.0
why on earth is this marked netscape confidential?
No longer confidential
Group: netscapeconfidential?
Target Milestone: --- → 2.0
Target Milestone: 2.0 → Future
-> Future
Hardware: PC → All
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
QA Contact: ckritzer → junruh
Depends on: 62178
QA Contact: junruh → bmartin
This is quite a serious bug. A secure page should not load content from an
insecure page.

Allowing it to without warning is dangerous.
As of today, the user is unable to suppress loading of insecure content within a
secure page.
However, at least Mozilla informs the user if it happens.

As the dependency suggests, this bug should be solved together with bug 62178.
Mass reassign ddrinan's PSM bugs (with his permission) to nobody
Assignee: ddrinan0264 → nobody
QA Contact: bmartin → nobody
Target Milestone: Future → ---
Product: PSM → Core
QA Contact: nobody → ui
Isn’t this bug a duplicate of bug 321022 (or the other way round)? If not, what’s the difference?

By the way, the address in the URL field of this bug doesn’t work anymore.
(In reply to comment #10)
> Isn’t this bug a duplicate of bug 321022 (or the other way round)? If not,
> what’s the difference?

I'm trying to explain the difference in bug 321022 comment 19.
Depends on: 432685
Version: psm2.0 → 1.0 Branch
Summary: RFE-Give user the choice of seeing insecure content on a secure site → Give user the choice of seeing insecure content on a secure site
Whiteboard: [sg:want P4]
Version: 1.0 Branch → Trunk
Depends on: 321022
Duplicate of this bug: 328052
Bug 321022 (blocking this one) looks fixed in Firefox 23.0.1.
We now block mixed-active content (insecure scripts, etc) on security pages. There's a pref to block mixed-passive content as well (static things like images). When content is blocked a shield icon is shown in the URL bar that allows the user to reload the page including the insecure content.

"Give use the choice of seeing insecure content on a secure site" accomplished.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.