[richfaces-issues] [JBoss JIRA] Updated: (RF-11344) rich:fileUpload causes a browser security warning in IE when using HTTPS

Lee Theobald (JIRA) jira-events at lists.jboss.org
Tue Aug 23 09:34:18 EDT 2011 

     [ https://issues.jboss.org/browse/RF-11344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lee Theobald updated RF-11344:
------------------------------

     Original Estimate:     (was: 4 hours)
    Remaining Estimate:     (was: 4 hours)
                Labels: richfaces  (was: )
           Environment: IE7/Windows 7, HTTPS  (was: IE6/Windows XP, HTTPS)
              Priority: Minor  (was: Major)
           Description: 
I believe this is similar to previously fixed bug #4583 : https://issues.jboss.org/browse/RF-4583

The Richfaces FileUpload is rendered using an IFrame without a source attribute.  When using Internet Explorer, this displays a security warning that you are about to view a secure page with unsecure elements.

I've fixed this locally by adding a simple src="javascript:false;" to the IFrame via JavaScript on page load.

  was:
The Richfaces ComboBox is rendered using an empty iFrame when using Internet Explorer.
This causes IE 6 to display a security warning that you are about to view a secure page with unsecure elements because the iFrame has an empty page inside which apparently IE considers an unsecure element..

This problem can be easily resolved by putting a relative reference to an empty page into the iFrame.

           Component/s: component-input


> rich:fileUpload causes a browser security warning in IE when using HTTPS
> ------------------------------------------------------------------------
>
>                 Key: RF-11344
>                 URL: https://issues.jboss.org/browse/RF-11344
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: component-input
>    Affects Versions: 3.2.2
>         Environment: IE7/Windows 7, HTTPS
>            Reporter: Lee Theobald
>            Assignee: Mikhail Vitenkov
>            Priority: Minor
>              Labels: richfaces
>             Fix For: 3.3.0
>
>
> I believe this is similar to previously fixed bug #4583 : https://issues.jboss.org/browse/RF-4583
> The Richfaces FileUpload is rendered using an IFrame without a source attribute.  When using Internet Explorer, this displays a security warning that you are about to view a secure page with unsecure elements.
> I've fixed this locally by adding a simple src="javascript:false;" to the IFrame via JavaScript on page load.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list