Reviewed: https://reviews.mahara.org/4827
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/efe949976ef5a2ace679085a1151da7c392a24d0
Submitter: Robert Lyon ([email protected])
Branch: master

commit efe949976ef5a2ace679085a1151da7c392a24d0
Author: Aaron Wells <[email protected]>
Date:   Wed Jun 10 12:33:49 2015 +1200

    Prevent HTTP iframes on an HTTPS site

    Bug 1463629

    Change-Id: I99f4df8b5ce51a58db5f122f44717ae6d12a6d72

https://bugs.launchpad.net/bugs/1463629

Title:
  Prevent HTTP iframes on HTTPS sites

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.10 series:
  In Progress
Status in Mahara 1.9 series:
  In Progress
Status in Mahara 15.04 series:
  In Progress
Status in Mahara 15.10 series:
  Fix Committed

Bug description:
  We've reached a point now where Firefox, Chrome, and IE will all silently ignore an HTTP iframe on an HTTPS site. Most iframe embed providers now provide an https or protocol-relative iframe code, but occasionally a user will still enter an http iframe, maybe from a site that isn't up to snuff yet, or copied from an older page. This leads to the unsatisfactory user experience where they've entered an iframe code, but the iframe doesn't show up at all.

  We should change our safe iframe code so that it detects these HTTP iframes and rewrites them to HTTPS or protocol-relative.

  This is also a bit of a security issue (mixing HTTP content on an HTTPS page) but since all modern browsers simply ban the unsafe iframe, it's a low-priority security issue.
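
The rewrite proposed in the bug description, sketched as an added example; this is not Mahara's safe-iframe code and not the committed patch. The function name `upgrade_iframe_sources`, its parameters and the sample embed codes are hypothetical, and a regex stands in for whatever parsing the real code uses.

```php
<?php
/**
 * Hypothetical helper: rewrite http:// iframe sources in user-supplied
 * embed code so browsers do not drop them as mixed content.
 *
 * @param string $html        Embed code, possibly containing several iframes.
 * @param bool   $siteishttps Whether the embedding page is served over HTTPS.
 * @param bool   $relative    true: emit protocol-relative URLs; false: https://.
 * @return string             Embed code with upgraded iframe sources.
 */
function upgrade_iframe_sources($html, $siteishttps, $relative = false) {
    if (!$siteishttps) {
        // An HTTP page may legitimately embed HTTP frames; leave them alone.
        return $html;
    }
    // Match only a real src attribute (preceded by whitespace, so data-src is
    // skipped), with optional quoting, whose value starts with http://.
    $pattern = '~(<iframe\b[^>]*?\ssrc\s*=\s*)(["\']?)http://~i';
    $scheme = $relative ? '//' : 'https://';
    return preg_replace_callback($pattern, function ($m) use ($scheme) {
        return $m[1] . $m[2] . $scheme;
    }, $html);
}

// Constructed sample embed codes (not taken from the bug report).
$samples = array(
    '<iframe width="560" src="http://video.example.org/embed/1"></iframe>',
    "<iframe SRC='HTTP://video.example.org/embed/2'></iframe>",
    '<iframe src="https://video.example.org/embed/3"></iframe>',
    '<iframe src="//video.example.org/embed/4"></iframe>',
    '<iframe data-src="http://a.example.org/" src="https://b.example.org/"></iframe>',
);

foreach ($samples as $sample) {
    // The first two are upgraded to https://; the last three are unchanged.
    echo upgrade_iframe_sources($sample, true), "\n";
}
```

Upgrading the scheme only helps when the embedded host actually serves the same content over HTTPS; otherwise the frame still fails to load, just for a different reason.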

