Opened 6 years ago

Closed 6 years ago

#5062 closed Bug (fixed)

Security warning message occurs when loading wysiwyg area in IE6 under HTTPS.

Reported by: maedana Owned by: garry.yao
Priority: Normal Milestone: CKEditor 3.2
Component: General Version: SVN (CKEditor) - OLD
Keywords: Confirmed Review+ Cc:

Description

This problem was occured version 3.1, but wasn't occured version 3.0.

This seems very relevant to http://support.microsoft.com/kb/261188/en and http://dev.fckeditor.net/ticket/1920

Problem exists in wysiwyg area plugin line 276. http://dev.fckeditor.net/browser/CKEditor/tags/3.1/_source/plugins/wysiwygarea/plugin.js#L276 And it commited http://dev.fckeditor.net/changeset/4583

I think "src" attribute's value should not set blank.

Attachments (1)

5062.patch (1.0 KB) - added by garry.yao 6 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 6 years ago by fredck

  • Milestone set to CKEditor 3.2

Changed 6 years ago by garry.yao

comment:2 Changed 6 years ago by garry.yao

  • Keywords Confirmed Review? added
  • Owner set to garry.yao
  • Status changed from new to assigned
  • Version changed from 3.1 to SVN (CKEditor)

The HTTPS warning also affect FF2/3.

comment:3 Changed 6 years ago by fredck

  • Keywords Review- added; Review? removed

In the dialog plugin we use the same solution proposed in the patch. In the panel plugin instead we use javascript:void(0) to help us on this. We may give it a try also to see if it solves the problem (I would prefer this approach).

Feel free to R? again for the same patch if the void(0) idea doesn't work, maybe also aligning the patch code to the dialog code.

comment:4 Changed 6 years ago by garry.yao

  • Keywords Review? added; Review- removed

Confirmed that 'javascript:void(0)' is sufficient to eliminate the security warning, but we still need the 'document.write' call in IE otherwise the 'load' event of iframe which we rely on won't work, so it's different with the panel system.

comment:5 Changed 6 years ago by fredck

  • Keywords Review+ added; Review? removed

comment:6 Changed 6 years ago by garry.yao

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed with [5109].

Note: See TracTickets for help on using tickets.
© 2003 – 2016 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy