Opened 13 years ago

Closed 12 years ago

#114 closed defect (fixed)

Secure Pages

Reported by: franzo Owned by: gogo
Priority: normal Milestone: Version 1.0
Component: Xinha Core Version: trunk
Severity: normal Keywords:
Cc:

Description

Internet Explorer prompts me with "This page contains both secure and non-secure items" when I use xinha on a secure site. This seems to be a well known problem for htmlarea but proposed fixes already seem to be a part of xinha.

Change History (9)

comment:1 Changed 13 years ago by wymsy

The warning is being generated by line 1012 (in build 119):

  innerEditor.appendChild(iframe);

The solution is to apply the .src attribute to iframe first. Change

  // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  innerEditor.appendChild(iframe);
  iframe.src = _editor_url + editor.config.URIs["blank"];
  this._iframe = iframe;

to

  // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  iframe.src = _editor_url + editor.config.URIs["blank"];
  innerEditor.appendChild(iframe);
  this._iframe = iframe;

comment:2 Changed 13 years ago by gogo

  • Milestone set to Version 1.0
  • Resolution set to fixed
  • Status changed from new to closed
  • Version set to trunk

Applied in changeset:148 if this doesn't fix the problem please reopen

comment:3 Changed 12 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

This problem seems to have returned.

comment:4 Changed 12 years ago by wymsy

It appears the rewritten generate function reintroduced the same problem, so the solution should be the same - put this line

this.iframe.src = _editor_url + editor.config.URIs["blank"];

before this line:

this._framework.ed_cell.appendChild(iframe);

comment:5 Changed 12 years ago by wymsy

Here's the corrected code. In HTMLArea.prototype.generate, change

    // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  this._framework.ed_cell.appendChild(iframe);
  this._iframe = iframe;
  this._iframe.className = 'xinha_iframe';

to

    // create the IFRAME & add to container
  var iframe = document.createElement("iframe");
  // Set src of iframe
  iframe.src = _editor_url + editor.config.URIs["blank"];
  this._framework.ed_cell.appendChild(iframe);
  this._iframe = iframe;
  this._iframe.className = 'xinha_iframe';

And delete these two lines at the end of the function:

  // Set src of iframe
  this._iframe.src = _editor_url + editor.config.URIs["blank"];

This fixes the security warning, and does not appear to break anything else.

comment:6 Changed 12 years ago by anonymous

  • Component changed from Xinha Core to Plugin_CharacterMap

comment:7 Changed 12 years ago by anonymous

  • Milestone changed from Version 1.0 to 2.0

comment:8 Changed 12 years ago by wymsy

  • Component changed from Plugin_CharacterMap to Xinha Core
  • Milestone changed from 2.0 to Version 1.0

Could somebody commit this simple fix? It was in the trunk for a while, then (presumably unintentionally) was removed in the midst of a rewrite of the generate() function. Thanks

comment:9 Changed 12 years ago by gogo

  • Resolution set to fixed
  • Status changed from reopened to closed

Applied in changeset:268

Note: See TracTickets for help on using tickets.