Closed Bug 909761 Opened 12 years ago Closed 12 years ago

Links within a frameset to another server open blank pages with no content, but still reveal page source.

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
23 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dph, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130814063812 Steps to reproduce: Logged in to K-State Online server. Clicked content link (open in new window selected) containing the following source: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>MATH010 Lecture 1-1</title> <frameset rows="1 " BORDER="0" FRAMEBORDER="no"> <frame name="MATH010 Lecture 1-1" src="http://www.math.ksu.edu/~dph/vl/010/lec11/index.html"> </frameset> </head> </html> Actual results: New window opened with no visible content. Right clicked to View Page Source. Code displayed. Expected results: Should have loaded indicated frame source. It did so prior to FF 23.0.1.
URL: protected - must have K-State User ID...
Severity: normal → critical
Keywords: common-issue?
This is an intentional change: mixed content (HTTP content loaded from within an HTTPS site) is now no longer allowed by default. Users can temporarily override this behavior with the icon in the location bar, but websites should be redesigned not to embed mixed content directly within their pages. See bug 844556 for other instances.
Blocks: 844556
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Keywords: common-issue?
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.