Status: Untriaged Owner: [email protected] CC: [email protected] Labels: Type-Bug Pri-2 OS-Windows Area-ChromeFrame Size-Medium Security
New issue 22991 by [email protected]: Chrome Frame bypasses IE mixed content setting http://code.google.com/p/chromium/issues/detail?id=22991 What steps will reproduce the problem? 1. Disable mixed content in IE using Tools > Internet options > Security > Custom level > Display mixed content 2. Go to a Chrome Frame site with mixed content, e.g. http://crypto.stanford.edu/~collinj/test/chromeframe/mixed.html What is the expected output? Script does not run. No alert appears. What do you see instead? Script runs, showing an alert "mixed content ran". There is a warning in developer console explaining that the script was insecurely loaded. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
