https generates insecure warning with IE6

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Load helloworld example onto a https site.
2. View with Internet Explorer 6, 7 or 8.
3. Security Warning occurs (do I want to load data that was delivered
non-secure).

What is the expected output? What do you see instead?

No warning should be issued as no actual connection to non-secured data
occurs. This has been verified with packetsniffing with Wireshark.

What version of the product are you using? On what operating system,
browser, and version of Flash?
SVGWEB: svgweb-2009-09-16-Umberhulk-B
OS: Windows XP SP3
FLASH: 9.0.115.0

Please provide any additional information below. Reduced test cases are
always appreciated!

The html file used is the one located here:
http://svgweb.googlecode.com/svn/trunk/samples/javascript-samples/helloworld.htm
l
I edited the data-path to "." and put the svg.{js,htc,swf} files and the
helloworld.svg file all in the same directory on the web server. Firefox
reports no security warning. All IE's do, but the privacy report says only
https files are accessed (which wireshark confirms).

Original issue reported on code.google.com by gal...@gmail.com on 8 Oct 2009 at 11:32

[GoogleCodeExporter]

Actually, are you splitting your content between http and https? I think IE 
will warn
about insecure content in this case; it's technically a correct warning.

Original comment by bradneub...@gmail.com on 16 Oct 2009 at 3:13

[GoogleCodeExporter]

I have put all my files on https and only reference them via https, yet I still 
get
the warning.

Original comment by gal...@gmail.com on 16 Oct 2009 at 12:52

[GoogleCodeExporter]

The javascript:void(0) reference changed in r930 was the source of the insecure
warning on IE. I put a fix in but it could use some more exploration. 
Unfortunately I
cannot find the source where I originally learned this trick.

Another Issue is that IE requests image/svg+xml as a file for some reason when 
using ssl.

Original comment by grick23@gmail.com on 16 Oct 2009 at 4:03

• Changed state: Fixed

[GoogleCodeExporter]

Ok, I retested and I think I mixed up my testing results with trying to fix the
image/svg+xml thing.

The warning is gone for IE7 and IE8 but it is still there for IE6. I'll leave 
this
open but change the title.

Original comment by grick23@gmail.com on 17 Oct 2009 at 5:09

• Changed title: https generates insecure warning with IE6
• Changed state: Started

[GoogleCodeExporter]

Changing to priority low as this just affects IE 6 now.

Original comment by bradneub...@gmail.com on 22 Oct 2009 at 9:44

• Added labels: Priority-Low
• Removed labels: Priority-Medium

[GoogleCodeExporter]

Original comment by bradneub...@gmail.com on 10 Nov 2009 at 10:34

[GoogleCodeExporter]

In IE6 when I disable or enable "Mixed content" (option in security) this issue 
is
gone. It's just prompting for it because it *might* mix http or https content. 
Any
way to work around this?

Original comment by sebastia...@gmail.com on 26 Mar 2010 at 11:43

[GoogleCodeExporter]

At if else { // Internet Explorer
      // id is set to be __ie__svg__onload rather than __ie_onload so
      // we don't have name collisions with other scripts using this
      // code as well
line 827 I changed:

document.write('<script id=__ie__svg__onload defer '
                      + 'src="javascript:void(0)"><\/script>');
to
      document.write('<script id=__ie__svg__onload defer src="dummy.js"><\/script>');

And now the error is gone :D ...

Original comment by sebastia...@gmail.com on 26 Mar 2010 at 12:55

[GoogleCodeExporter]

Interesting; I'm surprised that works. dummy.js will actually return a 404 
under the covers. Does the page 
actually load? That line is to simulate onDOMContentLoaded on IE.

Original comment by bradneub...@gmail.com on 30 Mar 2010 at 5:36

• Added labels: Patch

[GoogleCodeExporter]

The source has changed since this bug was opened; it now has:

document.write('<script id="__ie__svg__onload" defer '
                      + 'src=//0><\/script>');

I don't have an https test setup so can't confirm whether this fixes the issue, 
but I have a feeling it does. Can 
@sebastiaan.blommers confirms whether the tip of SVG Web works for him?

Original comment by bradneub...@gmail.com on 8 Apr 2010 at 3:29

[GoogleCodeExporter]

Hi! It's working perfectly and it's even faster now. I still have 1 remaining
problem, IE6 on Citrix, but that's a common "Please give me problems"

Thanks for putting this in the tip. (and in release probl? for it is working)

Original comment by sebastia...@gmail.com on 19 Apr 2010 at 7:30

[GoogleCodeExporter]

Hi again. The code is fixed for IE6 *but* I noticed that on a Citrix 
environment on
https using IE6 with 256 bit encryption this does not work but the old 
"dummy.js"
does work but the file needs to exist (can be empty or space).

Best regards, Sebastiaan

Original comment by sebastia...@gmail.com on 19 Apr 2010 at 10:18