Closed Bug 63212 Opened 25 years ago Closed 23 years ago

loading secure page on top of non-secure frame page opens new window

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P1)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Platform:
x86
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: junruh, Assigned: john)

References

(
URL
)

Details

Attachments

(1 file)

frames.zip
1.03 KB, application/octet-stream
Details
1.) Visit http://junruh/sarita/frame.html 2.) Click on the secure left link 3.) Click on the secure right link What is expected: The right side of the page would be secure, like with IE. What happens: A new window is opened. When I have a page using frames, if frame A (<a ... target=B>) tries to load a secure document into frame B, when frame B has a non-secure page, it results in a new browser window opened. I can load a secure document into frame B from frame B, even when frame B currently contains a non-secure page. Tested on Solaris and Win32.
Communicator does the same thing that you see. Are you sure this isn't the way it's supposed to be and IE isn't being over-friendly. (I tried this using Communicator 4.76 w/ PSM on Solaris.)
This is the same bug as is in bugsplat, which is still open. This doesn't seem to be a security problem, just different from IE. https://scopus.mcom.com/bugsplat/show_bug.cgi?id=387249
Changing product from Browser:Security:Crypto --> PSM 2.0
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.0
Target Milestone: --- → 2.0
->p2
Priority: -- → P2
->
Priority: P2 → P3
Mass reassigning target to 2.1
Target Milestone: 2.0 → 2.1
Keywords: nsenterprise
test case description and test case do not match anymore.
P1
Priority: P3 → P1
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
This is not a crypto issue since we do not control the open of browser windows. Re-assigning to the browser team.
Assignee: ddrinan → ssaux
Re-assigning for real, this time.
Component: Client Library → HTMLFrames
Product: PSM → Browser
Target Milestone: 2.1 → ---
Version: 2.0 → other
Assigning to default owners.
Assignee: ssaux → pollmann
QA Contact: ckritzer → amar
Removing nsenterprise, adding nsBranch.
Keywords: nsenterprise+nsBranch
Since my understanding is this is a different behavior than IE and not a security problem, I am marking this nsbranch-.
Keywords: nsbranch-
removed keyword nsbranch since it now has nsbranch-, per pdt mtg.
Keywords: nsbranch
Bulk reassignin HTML FRAME/IFRAME bugs to Eric.
Assignee: pollmann → evaughan
Blocks: 107067
Keywords: nsbranch-
Target Milestone: --- → Future
Bulk re-assigning all of Eric's HTMLFrame bugs to John.
Assignee: eric → jkeiser
No longer blocks: 107067
This affects logging into CommunityZero. To reproduce, go to: http://www.communityzero.com/moztest. Login as u:moztest pw:test. The community website will load in a new window from the login page. This is really annoying when popups are turned off, because then you are forced to hit the refresh button after the login page changes to the "Successful login" page.
Keywords: nsbeta1
Erm, it's been a year and a half with no dups and no topsites I can see, and this isn't even awful behavior. Nor can the original site even be reached. nsbeta1 why? (I can't see bugsplat but perhaps you could email me with info on how I can do so.)
Changed the URL. The site can be reached now, although it is in-house. Attaching a winzip which includes the test files, if you want to edit them for your own tests on a secure server.
URL: http://junruh.mcom.com/sarita/frame.htmlhttp://pki.mcom.com/sarita/frame.html
Attached file frames.zip
Sorry, there doesn't appear to be a secure right link at that URL?
If you are inside the firewall, the link should work as described now. I forgot to upload the new edited pages.
Seems to work for me on WinXP trunk 2002061208. Could you check trunk? Here's my steps and what I see: 1. Load file. Two frames, "This is non-secure left" and "This is non-secure right" 2. Click "secure left". Left frame turns to "This is a secure left page." 3. Click "secure right" on the left frame. Security dialog comes up and then right frame turns to "This is a secure right page." This seems right to me.
Marking fixed on trunk and branch. Mr. Nixon, can you try a more recent build?
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: