Opened 13 years ago

Closed 13 years ago

Last modified 10 years ago

#1342 closed defect (fixed)

new dojo not working with SSL in IE

Reported by: guest Owned by: alex
Priority: high Milestone:
Component: Loader Version: 0.3
Keywords: SSL Cc:
Blocked By: Blocking:

Description

IE 5 or 6 prompt that the page is accessing unsecured content. Firefox is fine.

The problem is in hostenv_browser.js, the code causing this is:

for Internet Explorer. readyState will not be achieved on init call, but dojo doesn't need it however, we'll include it because we don't know if there are other functions added that might. /*@cc_on @*/ /*@if (@_win32)

document.write("<script id=ie_onload defer src=javascript:void(0)></script>"); var script = document.getElementById("ie_onload"); script.onreadystatechange = function() {

if (this.readyState == "complete") {

dj_load_init(); call the onload handler

}

};

/*@end @*/

I have no idea why this code is causing this error, and so far, am unable to replace this code that works and does not have this problem.

Change History (5)

comment:1 Changed 13 years ago by guest

Version: 0.20.4

comment:2 Changed 13 years ago by dylan

Component: GeneralPackageSystem
Milestone: 0.4
Owner: changed from anonymous to alex
Priority: highesthigh
Version: 0.40.3

comment:3 Changed 13 years ago by guest

Some good reading: http://www.cherny.com/webdev/26/domloaded-object-literal-updated http://ajaxian.com/archives/ie-frame-bug

The problem is simply the reference to "javascript:void(0)", which IE (for some stupid reason) feels is insecure.

A similar problem happens in the iframe in iframe.js, which to use SSL in IE without a warning must have a src tag (you can find a few others like this by grepping for "javascript:void" and "<iframe" but these two are by far the most annoying).

We have modified our dojo in production to use src="blank.js" or "blank.html", which works great (whether the blank file exists or not), but requires an extra round trip to the server (not a problem for us - we have a 1GB connection). The other suggestions mentioned in the links I posted do work, but not 100% reliably across all versions of IE.

I was going to submit this as a patch, but would rather let the more experienced contributors decide on a general solution across all code in Dojo. You could decide which solution works best with each version of IE, and implement the best for each version. Or just decide to keep this simple and make all versions of IE require the round trip if using SSL, since most Dojo people probably use Firefox anyway.

Thanks, Brad V Bellomo Software Developer The Law Offices of John D. Clunk bbellomo@…

comment:4 Changed 13 years ago by Tom Trenka

Resolution: fixed
Status: newclosed

Fixed this a while ago.

comment:5 Changed 12 years ago by (none)

Milestone: 0.4

Milestone 0.4 deleted

Note: See TracTickets for help on using tickets.