Mixed scripts and other mixed content.

[lgarron]

Two options:

• mixed-______.badssl.com
• mixed.badssl.com/_____

Possible kinds of content:

• Javascript
• images
• audio
• video
• XHR
• Flash
• font
• css
• iframe
• form

It would also be nice to have combinations of these, or at least a page with all.

See https://www.bennish.net/mixed-content.html for an example with lots of mixed content.

[vtlynch]

I think it would be helpful to have a subdomain dedicated to a HTTPs page containing an HTML Form element and a <input type = "password"> field which posts to HTTP. Like this page: https://people.mozilla.org/~tvyas/password/password_insecure.html

Firefox will be adding a warning for this behavior. Chrome already shows the non-secure "page" icon.

https://support.mozilla.org/en-US/kb/insecure-password-warning-firefox

[april]

We already have a page for what Firefox will be warning about, which is a password field on an HTTP page:

http://http-password.badssl.com/

HTTPS page to HTTP form is a good use case. Typically, it would generate a popup warning. I'm not sure if that is changing with the upcoming Firefox changes.

[vtlynch]

Ah! Thank you April. I looked through the list and for some reason I did not see that existing subdomain. My mistake.