On Tue, August 19, 2014 3:41 pm, fhw...@gmail.com wrote:
htmlheadmeta http-equiv=Content-Type content=text/plain;style
body { font-family: Calibri,Slate Pro,sans-serif; color:#262626
}/style /head body data-blackberry-caret-color=#00a8dfdivWhat
are the current rules or algorithms in place when dealing with some
mixture of http and https content in
Firefox?nbsp;/divdivbr/divdivA case I'm thinking about is a
drive-by download situation. If the main page is loaded âby https but
there are subsequent requests for files (images, js, css, fonts, iframes,
etc.) or Ajax calls to be made that are only http, will Firefox allow
them? Note that I don't care about the form cases where I load the form
html using https but submit the form data via http. I care about just the
files and content.nbsp;/divdivspan style=font-family: Calibri,
'Slate Pro', sans-serif;br name=BB10 caretmarkerset=INVALID
class=markedForCaretMarkerRemoval/span/divdivThanks in advance.
/divdivbr name=BB10 caretmarkerset=INVALID
class=markedForCaretMarkerRemoval/divdiv/div/body/html
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
I'm not sure which Mozilla list is more appropriate, but I suspect this
isn't the one (there's likely a more specific one for networking/mixed
content)
That said, you may wish to check out
https://w3c.github.io/webappsec/specs/mixedcontent/ , which is trying to
document and spec exactly what the behaviour is and should be.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy