[jira] Commented: (WICKET-855) ModalWindow makes Internet Explorer 6 show an security warning dialog

[Chuck Deal (JIRA)]

    [ 
https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12523293
 ] 

Chuck Deal commented on WICKET-855:
-----------------------------------

I don't know that this works like a charm just yet...

I think that wicket's relative URL code is somehow attaching the '://0' to the 
url which is causing errors on my page when displaying the ModalWindow.  The 
ModalWindow renders fine, but then a request is sent for the containing page 
(the one where the ModalWindow is defined) with the '://0'  appended to it.   I 
believe that it is coming from this new src attribute.

13:37:25,954 ERROR RequestCycle:1240 - URL fragment has unmatched key/value 
pair: mode/UPDATE/uId/%7B206F1C88-CAC3-4131-BBC0-7C7F5260F7F7%7D/://0
java.lang.IllegalStateException: URL fragment has unmatched key/value pair: 
mode/UPDATE/uId/%7B206F1C88-CAC3-4131-BBC0-7C7F5260F7F7%7D/://0
        at 
org.apache.wicket.request.target.coding.AbstractRequestTargetUrlCodingStrategy.decodeParameters(AbstractRequestTargetUrlCodingStrategy.java:174)
        at 
org.apache.wicket.request.target.coding.PackageRequestTargetUrlCodingStrategy.decode(PackageRequestTargetUrlCodingStrategy.java:103)
        at 
org.apache.wicket.protocol.http.request.WebRequestCodingStrategy.targetForRequest(WebRequestCodingStrategy.java:384)
        at 
org.apache.wicket.protocol.http.WebRequestCycleProcessor.resolve(WebRequestCycleProcessor.java:175)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1078)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1164)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:486)
        at 
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:268)
        at 
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:124)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at 
org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:495)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)


> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
>                 Key: WICKET-855
>                 URL: https://issues.apache.org/jira/browse/WICKET-855
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-extensions
>         Environment: Internet Explorer 6 (probably similar on earlier 
> versions), HTTPS
>            Reporter: Peter Ertl
>            Assignee: Alastair Maw
>            Priority: Critical
>             Fix For: 1.3.0-beta4
>
>
> When showing an
>    org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning 
> about showing mixed secure and non-secure content. From the point of 
> usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag 
> without an 'src=' attribute. 
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
>   change line 1062 from:
>      "<iframe frameborder=\"0\" id='"+idContent+"' 
> allowtransparency=\"false\" style=\"height: 200px\">"+
>   to
>      "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' 
> allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very 
> beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
>  ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively 
> can't use ModalWindow in a secure professional environment) I would plead to 
> integrate it before wicket-extensions-1.3 final.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.