Opened 8 years ago

Closed 8 years ago

#7684 closed bug (worksforme)

jQuery UI Tab yields IE8 Security Warning

Reported by: CraigCeleste Owned by:
Priority: minor Milestone: 1.9.0
Component: ui.tabs Version: 1.8.16
Keywords: Cc:
Blocked by: Blocking:

Description

Possibly a bug in jQuery.core. See below.

jQuery: 1.6.2 jQuery UI Tabs: 1.8.16 Browser: IE8.0.7601.17514 (other flavors of IE8 too - didn't try IE6/7)

IE8 displays the following error message when jQuery Tabs loads a tab using ajax.

"This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"

IE7 bug: http://support.microsoft.com/kb/925014 The MS article says IE7 but it happens in IE8 for me.

Setup:

a) You are using an HTTPS/SSL connection. b) Using "default level" Security settings for Internet zone.

-- doesn't exhibit on a local IIS or Intranet zone for some reason. More tweaking might.

c) All jQuery UI scripts and images download as HTTPS. There is no mixed content. d) load content into one tab that contains an element with a background image (a ui-icon)

-- the relative URL of the ui-image is what is mistaken for mixed content.

e) Navigate to a different tab. f) Navigate back to the tab in step (d), causing it to reload using ajax.

-- the removal of the element with the ui-image causes the bug. not the new content.

For more details, see the MS link above.

We fixed it in our local copy of jQuery UI by changing the following line of code in jQuery Tabs.

From: self.element.find( self._sanitizeSelector( a.hash ) ).html( r );

To: self.element.find( self._sanitizeSelector( a.hash ) ).html().html( r );

Arguably jQuery Tabs shouldn't be responsible for looking out for this bug. But we didn't want to fix it in jQuery .html() as that seemed more dangerous for us at the time.

Cheers, Craig

Change History (1)

comment:1 Changed 8 years ago by Scott González

Resolution: worksforme
Status: newclosed

I'm not seeing any errors in IE 8. The support article you link to also doesn't make any sense for the error you're describing. It doesn't list IE 8 as being affected and workaround #2 (defining the background image in a stylesheet) is already done.

Note: See TracTickets for help on using tickets.