George Anderson
2005-Sep-15 17:10 UTC
[Rails-spinoffs] IE iframe bug with Autocompleter over HTTPS
I ran across an issues using the Autocompleter over HTTPS in IE (6.0 in WinXP Pro SP2). I plan to submit a bug report to the Ruby on Rails trac, but first I''d like "to discuss this on th[is] Mailing List beforehand, maybe it''s already known and in the works, or it isn''t a bug" (per http://wiki.script.aculo.us/scriptaculous/show/BugReports) The autocomplete works, but the first time it fires, you get a "Downloading non-secure content from a secure Web site" warning. I eventually found a clue at: http://crazybob.org/2005/06/ajax-ie-iframe-bug.html. The problem is with the (generated) iframe missing the src attribute (the attribute was set dynamically later on by Javascript). The iframe tag in question gets generated by lines 89 - 91 of controls.js: ''<iframe id="'' + this.update.id + ''_iefix" ''+ ''style="display:none;filter:progid:DXImageTransform.Microsoft.Alpha(apacity=0);" '' + ''src="javascript:;" frameborder="0" scrolling="no"></iframe>''); The ''src="javascript:;" causes IE to load some non-secure page (a commenter surmises that it may load "about:blank"). Regardless, IE deems this "page" as non-secure. I tried removing the "javascript:;" bit, making the scr a zero-length string, but that throws the same warning. src="'' + document.location.href + ''" throws the same warning even though it renders as src="https://my.server.tld/mypage.asp" The way I worked around it was to set src="/blankpage.asp" (which actually exists on the web server). Any ideas? Or should I open a ticket? Thanks, George
Thomas Fuchs
2005-Sep-15 17:19 UTC
[Rails-spinoffs] IE iframe bug with Autocompleter over HTTPS
Yeah, please open a ticket. Maybe a solution can be found without needing the blank page on the server. Sounds like a very strange thing. Note that if you don''t have any IE "windowed controls"[1] (like SELECT) underneath the autocompletion popup div, you can completly disable the iframe, it''s only to work around[2][3] IEs z-ordering problem. Thomas [1] http://support.microsoft.com/kb/q177378/ [2] http://dotnetjunkies.com/WebLog/jking/archive/2003/07/21/488.aspx [3] http://www.macridesweb.com/oltest/IframeShim.html Am 15.09.2005 um 23:11 schrieb George Anderson:> I ran across an issues using the Autocompleter over HTTPS in IE (6.0 > in WinXP Pro SP2). > > I plan to submit a bug report to the Ruby on Rails trac, but first I''d > like "to discuss this on th[is] Mailing List beforehand, maybe it''s > already known and in the works, or it isn''t a bug" (per > http://wiki.script.aculo.us/scriptaculous/show/BugReports) > > The autocomplete works, but the first time it fires, you get a > "Downloading non-secure content from a secure Web site" warning. > > I eventually found a clue at: > http://crazybob.org/2005/06/ajax-ie-iframe-bug.html. The problem is > with the (generated) iframe missing the src attribute (the attribute > was set dynamically later on by Javascript). > > The iframe tag in question gets generated by lines 89 - 91 of > controls.js: > > ''<iframe id="'' + this.update.id + ''_iefix" ''+ > > ''style="display:none;filter:progid:DXImageTransform.Microsoft.Alpha > (apacity=0);" > '' + > ''src="javascript:;" frameborder="0" scrolling="no"></iframe>''); > > The ''src="javascript:;" causes IE to load some non-secure page (a > commenter surmises that it may load "about:blank"). Regardless, IE > deems this "page" as non-secure. > > I tried removing the "javascript:;" bit, making the scr a zero-length > string, but that throws the same warning. > > src="'' + document.location.href + ''" throws the same warning even > though it renders as src="https://my.server.tld/mypage.asp" > > The way I worked around it was to set src="/blankpage.asp" (which > actually exists on the web server). > > Any ideas? Or should I open a ticket? > > Thanks, > > George > _______________________________________________ > Rails-spinoffs mailing list > Rails-spinoffs@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs >
George Anderson
2005-Sep-15 17:29 UTC
[Rails-spinoffs] IE iframe bug with Autocompleter over HTTPS
I found the fix: src="javascript:false;" Then I checked out the lastest (rev 2240) from SVN to make a patch, only to find it''s fixed. I should have looked a bit more before posting. Thanks. -- George On 9/15/05, Thomas Fuchs <thomas@fesch.at> wrote:> Yeah, please open a ticket. Maybe a solution can be found without > needing the blank page on the server. Sounds like a very strange thing. > > Note that if you don''t have any IE "windowed controls"[1] (like SELECT) > underneath the autocompletion popup div, you can completly disable > the iframe, it''s only to work around[2][3] IEs z-ordering problem. > > Thomas > > [1] http://support.microsoft.com/kb/q177378/ > [2] http://dotnetjunkies.com/WebLog/jking/archive/2003/07/21/488.aspx > [3] http://www.macridesweb.com/oltest/IframeShim.html > > Am 15.09.2005 um 23:11 schrieb George Anderson: > > > I ran across an issues using the Autocompleter over HTTPS in IE (6.0 > > in WinXP Pro SP2). > > > > I plan to submit a bug report to the Ruby on Rails trac, but first I''d > > like "to discuss this on th[is] Mailing List beforehand, maybe it''s > > already known and in the works, or it isn''t a bug" (per > > http://wiki.script.aculo.us/scriptaculous/show/BugReports) > > > > The autocomplete works, but the first time it fires, you get a > > "Downloading non-secure content from a secure Web site" warning. > > > > I eventually found a clue at: > > http://crazybob.org/2005/06/ajax-ie-iframe-bug.html. The problem is > > with the (generated) iframe missing the src attribute (the attribute > > was set dynamically later on by Javascript). > > > > The iframe tag in question gets generated by lines 89 - 91 of > > controls.js: > > > > ''<iframe id="'' + this.update.id + ''_iefix" ''+ > > > > ''style="display:none;filter:progid:DXImageTransform.Microsoft.Alpha > > (apacity=0);" > > '' + > > ''src="javascript:;" frameborder="0" scrolling="no"></iframe>''); > > > > The ''src="javascript:;" causes IE to load some non-secure page (a > > commenter surmises that it may load "about:blank"). Regardless, IE > > deems this "page" as non-secure. > > > > I tried removing the "javascript:;" bit, making the scr a zero-length > > string, but that throws the same warning. > > > > src="'' + document.location.href + ''" throws the same warning even > > though it renders as src="https://my.server.tld/mypage.asp" > > > > The way I worked around it was to set src="/blankpage.asp" (which > > actually exists on the web server). > > > > Any ideas? Or should I open a ticket? > > > > Thanks, > > > > George > > _______________________________________________ > > Rails-spinoffs mailing list > > Rails-spinoffs@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs > > > >