Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002905TestLinkUser Interface Generalpublic2009-10-20 19:212010-08-31 20:29
Reporterkalins 
Assigned Tofman 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.8.4 
Fixed in Version1.9 Beta 5 
Summary0002905: Testlink 1.8.4 over SSL gives Mixed content warnings in IE
DescriptionTestlink 1.8.4 accessed over SSL gives Mixed content warnings in IE (tested on IE6 and IE7).

I also tried to access pages with navBar.php and with mainPage.php frames removed. It causes mixed content warnings in both cases anyway.
Additional InformationOther bits regarding of reproducibility:
* Warning always shown on: login page, home
* Warning never shown on: other pages. However, if I try to access these pages without frames (e.g. just by https://<host>/testlink/lib/plan/planView.php [^]) it will show content warning anyway.

Related forum topic:
http://www.teamst.org/phpBB2/viewtopic.php?t=2334 [^]
TagsNo tags attached.
Database (MySQL,Postgres,etc)
BrowserIE6, IE7
PHP Version5.2.8
TestCaseID
QA Team - Task Workflow Status
Attached Filespng file icon warn.png [^] (4,826 bytes) 2009-10-20 19:21


diff file icon sorttable.diff [^] (660 bytes) 2010-05-18 07:18 [Show Content]
zip file icon fix-2905.zip [^] (5,740 bytes) 2010-05-20 07:04

- Relationships

-  Notes
(0008138)
marschuh (reporter)
2009-10-27 01:03

Same problem with 1.8.3 here.

This may be related to use of removeChild on div elements with background images
, for example discussed on the extjs site:

 http://www.extjs.com/forum/showthread.php?p=233555 [^]
  linking to http://davidovitz.blogspot.com/2006/09/https-bug-in-ie.html [^]
  and http://support.microsoft.com/kb/925014/en-us [^]

Is there something what changed between 1.8.3 and versions before, which could trigger such a problem?
(0008139)
marschuh (reporter)
2009-10-27 01:43

Update:

found another helpful link

  http://blog.httpwatch.com/2009/09/17/even-more-problems-with-the-ie-8-mixed-content-warning/ [^]

for IE's mixed contentent warnings when using code like

 <script id="__ie_onload" src="javascript:void(0)"></script>"

found this code in gui/javascript/sorttable.js, changed it to

 document.write("<script id=\"__ie_onload\" defer src=\"//:\"><\/script>");

=> No more IE-warning about mixed content warning - at least with IE8.
(0010048)
twelve (reporter)
2010-05-18 07:17

The bug in the sorttable library is documented at http://www.kryogenix.org/bugs/sorttable/https-secure-content.html [^]

The attached patch for Testlink 1.9 Beta 3 fixes the problem with the workaround documented in the above link.
(0010051)
fman (administrator)
2010-05-18 10:15

Thanks! will try to apply
(0010052)
marschuh (reporter)
2010-05-18 10:48

Thanks.

Just one more comment:
Eric Law's Blog gives even more insight:
  http://blogs.msdn.com/ieinternals/archive/2009/06/22/HTTPS-Mixed-Content-in-IE8.aspx [^]

It seems, that the use of 'scr=javascript:void(0)' in this context is a complete myth. The src="javascript:void(0)" wants to be "nothing", but "<script></script>" should be "nothing", too.

I would follow Eric's advice and delete the src attribute:

- document.write("<script id=__ie_onload defer src=javascript:void(0><\/script>");
+ document.write("<script id=\"__ie_onload\" defer=\"defer\"><\/script>");

But I can understand, if TestLink authors follow the workaround, which Stuart Langridge as author of sorttable.js, the used 3rd party lib, is proposing.
(0011200)
fman (administrator)
2010-08-31 20:29

Release BETA 6 - 20100831

- Issue History
Date Modified Username Field Change
2009-10-20 19:21 kalins New Issue
2009-10-20 19:21 kalins File Added: warn.png
2009-10-20 19:21 kalins Browser => IE6, IE7
2009-10-20 19:21 kalins PHP Version => 5.2.8
2009-10-27 01:03 marschuh Note Added: 0008138
2009-10-27 01:43 marschuh Note Added: 0008139
2010-05-18 07:17 twelve Note Added: 0010048
2010-05-18 07:18 twelve File Added: sorttable.diff
2010-05-18 10:15 fman Note Added: 0010051
2010-05-18 10:15 fman Assigned To => fman
2010-05-18 10:15 fman Status new => assigned
2010-05-18 10:48 marschuh Note Added: 0010052
2010-05-20 07:04 fman File Added: fix-2905.zip
2010-05-20 07:05 fman Status assigned => resolved
2010-05-20 07:05 fman Fixed in Version => 1.9 Beta 5
2010-05-20 07:05 fman Resolution open => fixed
2010-08-31 20:29 fman Note Added: 0011200
2010-08-31 20:29 fman Status resolved => closed



Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker