Closed Bug 905666 Opened 11 years ago Closed 11 years ago

Cannot follow links to non-secure pages within iframes in a secure page

Categories

(Firefox :: Untriaged, defect)

23 Branch
x86
Windows 7
defect
Not set
normal

RESOLVED DUPLICATE of bug 902350

People

(Reporter: nullpost-mz, Unassigned)

Attachments

(1 file)

test.zip (1.06 KB, application/octet-stream)

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130730113002

Steps to reproduce:

I found this on Drupal 7 websites that use the administrative overlay (which is in an iframe). But it can be reproduced like this:

1. Create a page with an iframe in it.
2. Have the page in the iframe contain a link using http.
3. Visit the page on a secure connection.
4. Click the link.

I've attached a couple of test HTML files. Obviously don't run them from file://; you'll need to put them on a web server with a certificate.


Actual results:

You get the mixed content blocked shield in the address bar. In my test cases (Drupal) the link has a target of "_parent", i.e. you are leaving the iframe page so there shouldn't be a security risk.


Expected results:

It should go to the link.

OR

If that is a security risk for some reason, there needs to be better feedback. It took me around 5 mins of refreshing the page and clicking the link before I noticed this tiny shield icon in the address bar. Perhaps there could be an infobar like the one for when a popup window has been suppressed with a warning but the option to follow the link.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
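
The distinction the report turns on, as an added JavaScript sketch (not Firefox code and not the contents of the attached test.zip): the W3C Mixed Content specification exempts document loads into a top-level browsing context, so what matters is which context the link's target resolves to. The `{ url, parent }` context objects, the function names and the site.example URLs are constructed for illustration, and only https: is treated as secure.

```javascript
// Added illustration: a simplified model, not Firefox source code.
// A browsing context is { url, parent }; parent === null means the top-level tab.

function isSecure(url) {
  // Simplification: only https: counts as secure here.
  return new URL(url).protocol === "https:";
}

// Resolve a link's target keyword to the context that will be navigated.
function resolveTarget(source, target) {
  switch ((target || "_self").toLowerCase()) {
    case "_self":
      return source;
    case "_parent":
      return source.parent || source;
    case "_top": {
      let ctx = source;
      while (ctx.parent) ctx = ctx.parent;
      return ctx;
    }
    default:
      return null; // _blank and named targets are outside this sketch
  }
}

// Classify a link click by where the new document would load.
function classifyNavigation(source, href, target) {
  const dest = resolveTarget(source, target);
  if (dest === null) return "out-of-scope";
  // Replacing the top-level document is a navigation, not an embedded load.
  if (dest.parent === null) return "top-level-navigation";
  if (isSecure(href)) return "allowed";
  // An insecure document inside a frame is mixed content if any ancestor is secure.
  for (let a = dest.parent; a; a = a.parent) {
    if (isSecure(a.url)) return "blocked-mixed-content";
  }
  return "allowed";
}

// Constructed sample: an HTTPS page with an overlay iframe, as in the report.
const page = { url: "https://site.example/admin", parent: null };
const overlay = { url: "https://site.example/overlay", parent: page };
console.log(classifyNavigation(overlay, "http://site.example/node/1", "_parent"));
console.log(classifyNavigation(overlay, "http://site.example/node/1", "_self"));
```

Under this model the `_parent` link from a frame one level deep is a top-level navigation, while the same link opened inside the frame is a blocked mixed-content load.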