Using a horizontal navigation menu while running SSL, IE6 gives 'unsecure content' warnings when expanding a top-level link with child items. I'm thinking it's a CSS issue related to the arrow images, but I haven't been able to track it down.

Thanks,
Nate

CommentFileSizeAuthor
#5 nice_menus-js-ssl-error-215477-5.patch1.76 KBadd1sun
#4 nice_menus.js-iframesrc.patch576 bytesnschindler

Comments

add1sun’s picture

add1sun commented

Do you think it is the same as this old issue, http://drupal.org/node/155184? The fix in that thread is in Nice menus now but since I don't have a test site on SSL I can't really troubleshoot or test.

nschindler’s picture

nschindler commented

Thanks for the quick response.
Actually, no, this doesn't seem to be the same issue. I can comment-out the entire line affected by the issue you've referenced and I still get the warning.

Now that I'm looking for it, it seems more related to 

var ifShim = document.createElement('iframe');

at line 22 in nice_menus.js.

If I change it to 

var ifShim = document.createElement('');

the issue goes away. However, I have no idea what this change might break.

-Nate

add1sun’s picture

add1sun commented

Hm, well looks like that removes the iFrame altogether. So apparently the dynamically created iFrame is causing the popup but that shim is needed for Nice Menus to work properly in IE6. Specifically it makes it so that the menus display properly when popping over a form select element. I guess if you don't have any circumstances where that would happen, you'll probably be OK, but it would be better to figure out why the iFrame pops secure warnings and fix it so it doesn't do it anymore.

I know very little JS and even less about SSL so I'll need to do research before I can even guess at a solution. I'll be very busy the next few weeks but I'll see what I can find out as I have time.

nschindler’s picture

nschindler commented
Version: 5.x-1.1 » 5.x-1.x-dev
Status: Active » Needs review
StatusFileSize
new nice_menus.js-iframesrc.patch576 bytes

Did a little looking around. Now that I've found a possible solution, this does seem to be related to your reference in #1, just in a different part of the code. It appears that iframes must have a src defined [1] to prevent security warnings in IE6 while SSL is in use. I've created a patch against 5.x-1.x-dev to add a src to the iframe in nice_menus.js based on the fix for the issue you've referenced and information I found in [2].

[1] http://support.microsoft.com/kb/261188
[2] http://jszen.blogspot.com/2005/05/secure-iframe-gotcha.html

add1sun’s picture

add1sun commented
StatusFileSize
new nice_menus-js-ssl-error-215477-5.patch1.76 KB

Hm, ya know looking at that, I'm wondering why we are creating the iFrame twice, once in the HTML and once in JS. I removed the HTML invocation to let jQuery handle all of that, as well as adding your src fix to the JS. Can you test this patch out and see if it works for you? We need to test two things:
1) Does it pop the warning anymore?
2) If your Nice menu pops out over a select form item does it display properly? (That is the whole reason for the iFrame anyway.) I often test this by simply putting the Navigation menu in a nice menu in the left sidebar and then go to the Admin > Site Config > Date and Time screen. The menu should pop over the select drop downs there and you can see if still looks OK.

nschindler’s picture

nschindler commented

Tested as you've requested in IE6, FF2, and IE7:

1) SSL warnings no longer appear
2) Menus render correctly over select forms

Looks rtbc to me.

add1sun’s picture

add1sun commented
Status: Needs review » Fixed

Awesome. Thanks for getting on this so quickly! I have committed this to 5 and rolled a new bug fix release for 5. I also added the changes to 6 and have rolled the official release for 6.

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.