[jira] Updated: (WICKET-855) ModalWindow makes Internet Explorer 6 show an security warning dialog

Wed, 10 Oct 2007 01:37:21 -0700 

     [ 
https://issues.apache.org/jira/browse/WICKET-855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Frank Bille Jensen updated WICKET-855:
--------------------------------------

    Fix Version/s:     (was: 1.3.0-beta4)
                   1.3.0-beta5

> ModalWindow makes Internet Explorer 6 show an security warning dialog
> ---------------------------------------------------------------------
>
>                 Key: WICKET-855
>                 URL: https://issues.apache.org/jira/browse/WICKET-855
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket-extensions
>         Environment: Internet Explorer 6 (probably similar on earlier 
> versions), HTTPS
>            Reporter: Peter Ertl
>            Assignee: Alastair Maw
>            Priority: Critical
>             Fix For: 1.3.0-beta5
>
>
> When showing an
>    org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow
> over an HTTPS connection Internet Explorer will popup a security warning 
> about showing mixed secure and non-secure content. From the point of 
> usability this is confusing and unnecessary for the user.
> Internet Explorer shows this warning because ModalWindow uses an <iframe> tag 
> without an 'src=' attribute. 
> Despite the complex nature of the bug the fix is relatively easy...
> [org.apache.wicket.extensions.ajax.markup.html.modal.res/modal.js]
>   change line 1062 from:
>      "<iframe frameborder=\"0\" id='"+idContent+"' 
> allowtransparency=\"false\" style=\"height: 200px\">"+
>   to
>      "<iframe src='://0' frameborder=\"0\" id='"+idContent+"' 
> allowtransparency=\"false\" style=\"height: 200px\">"+
> This way there will be an 'src' attribute in the <iframe> from the very 
> beginning and no warning popup will be shown on explorer anymore.
> The reason for using an obscure url like
>  ://0
> is already explained in WICKET-523 (and http://dev.mootools.net/ticket/139)
> As this fix is so easy and the problem is really serious (you effectively 
> can't use ModalWindow in a secure professional environment) I would plead to 
> integrate it before wicket-extensions-1.3 final.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to