To reproduce:

Enable SSL for the whole site.
Enable the upload module.
Edit a story.

You will get the dreaded "Security Information" warning.

Why? IE6/7beta incorrectly fetches http://about:blank (i think) when the src argument is ommited from an

. Fix: add src="javascript:false;" to misc/drupal.js:336: div.innerHTML = '

';

Comments

serbaut’s picture

serbaut commented

Forgot to add code tags, here is the line

misc/drupal.js:336:  div.innerHTML = '<iframe name="redirect-target" id="redirect-target" class="redirect" onload="window.iframeHandler();"></iframe>';

change to 

misc/drupal.js:336:  div.innerHTML = '<iframe src="javascript:false;" name="redirect-target" id="redirect-target" class="redirect" onload="window.iframeHandler();"></iframe>';
nedjo’s picture

nedjo
he/him/his
Primary language English
commented
Project: Javascript Tools » Drupal core
Version: 4.7.x-1.x-dev » x.y.z
Component: Other » other

Moving, drupal.js is in Drupal core.

markus_petrux’s picture

markus_petrux commented

Entering javascript:false; in the address bar of IE shows "false" in the document area.

I think it is best to use "javascript:void(0);"

markus_petrux’s picture

markus_petrux commented

...or no src attribute at all, but IIRC there are browser bugs involved here. I think it was that the onload event handler failed to work on some browsers.

serbaut’s picture

serbaut commented

Maybe I wasnt clear, but yes, the bug is in IE6 and not drupal. This is a workaround.

magico’s picture

magico commented
Status: Active » Closed (won't fix)

Not a Drupal bug.