Ticket #114 (closed defect: fixed)

Opened 8 years ago

Last modified 8 years ago

Secure Pages

Reported by: franzo Owned by: gogo
Priority: normal Milestone: Version 1.0
Component: Xinha Core Version: trunk
Severity: normal Keywords:
Cc:

Description

Internet Explorer prompts me with "This page contains both secure and non-secure items" when I use xinha on a secure site. This seems to be a well known problem for htmlarea but proposed fixes already seem to be a part of xinha.

Change History

Changed 8 years ago by wymsy

The warning is being generated by line 1012 (in build 119): 

  innerEditor.appendChild(iframe);

The solution is to apply the .src attribute to iframe first. Change 

  // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  innerEditor.appendChild(iframe);
  iframe.src = _editor_url + editor.config.URIs["blank"];
  this._iframe = iframe;

to 

  // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  iframe.src = _editor_url + editor.config.URIs["blank"];
  innerEditor.appendChild(iframe);
  this._iframe = iframe;

Changed 8 years ago by gogo

  • status changed from new to closed
  • version set to trunk
  • resolution set to fixed
  • milestone set to Version 1.0

Applied in changeset:148 if this doesn't fix the problem please reopen

Changed 8 years ago by anonymous

  • status changed from closed to reopened
  • resolution deleted

This problem seems to have returned.

Changed 8 years ago by wymsy

It appears the rewritten generate function reintroduced the same problem, so the solution should be the same - put this line 

this.iframe.src = _editor_url + editor.config.URIs["blank"];

before this line: 

this._framework.ed_cell.appendChild(iframe);

Changed 8 years ago by wymsy

Here's the corrected code. In HTMLArea.prototype.generate, change 

    // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  this._framework.ed_cell.appendChild(iframe);
  this._iframe = iframe;
  this._iframe.className = 'xinha_iframe';

to 

    // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  // Set src of iframe
  iframe.src = _editor_url + editor.config.URIs["blank"];
  this._framework.ed_cell.appendChild(iframe);
  this._iframe = iframe;
  this._iframe.className = 'xinha_iframe';

And delete these two lines at the end of the function: 

  // Set src of iframe
  this._iframe.src = _editor_url + editor.config.URIs["blank"];

This fixes the security warning, and does not appear to break anything else.

Changed 8 years ago by anonymous

  • component changed from Xinha Core to Plugin_CharacterMap

Changed 8 years ago by anonymous

  • milestone changed from Version 1.0 to 2.0

Changed 8 years ago by wymsy

  • component changed from Plugin_CharacterMap to Xinha Core
  • milestone changed from 2.0 to Version 1.0

Could somebody commit this simple fix? It was in the trunk for a while, then (presumably unintentionally) was removed in the midst of a rewrite of the generate() function. Thanks

Changed 8 years ago by gogo

  • status changed from reopened to closed
  • resolution set to fixed

Applied in changeset:268

Note: See TracTickets for help on using tickets.