HierMenusCentral: Version 6 Known Issues--Issue #29--Mixed Content Security Warnings with IFrame Masking

We are providing HierMenus to you at no cost. HierMenus code requires a confirmed membership with internet.com. Please register by clicking here and come back soon to download your free copy of HeirMenus code.

Bulletins

		internet.commerce Partner With Us
		internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Enhance the Functionality of Your Web Site with DHTML HierMenus.

home / issues / issue #29

Issue:	Mixed Content Security Warnings with IFrame Masking
Browser:	IE 5.5+
Platform:	Windows
Description:	When using the IFrame masking method to allow HierMenus to be displayed over the top of drop down form elements, Flash or Java Applets, or IFrames (see Known Issue #1) on a secure (HTTPS) site, you may receive multiple mixed content security warnings from Internet Explorer.
Cause:	The warnings are generated when the IFrames that will be inserted between the menu and the other page elements are created. If the page that is loaded into the IFrame is not also from the same HTTPS server that the actual HTML page is from, Internet Explorer generates a warning about potentially non-secure content being retrieved as part of your secure page. This warning is also triggered if you create and dynamically add an IFrame to the page without any specified content. We initially identified and discussed this issue as a part of the HierMenus 6.0.1 release. Our initial 6.0 HierMenus did not load any page into the IFrame, which we then unfortunately learned triggers the content warnings in the same manner as a non-https page would. In version 6.0.1, we thought we could bypass the warnings by loading a "void" page into the IFrame: `this.IEMask.src="javascript:void(0)";` While this fix removed the warnings in our own testing here, several users have written to let us know that the problem still remains in their implementations. Hence, the issue remains open at this time.
Workaround:	The only workaround we've found that removes the security warnings in all situations is to load an actual page into the IFrames from the secure server as part of the IFrame mask creation process. You can do this by first creating a blank page on your server, and then altering the `HM_f_IEMaskCreate` in the `HM_Loader` file to load your new page. Specifically, find this line: `this.IEMask.src="javascript:void(0)";` and change it to something like this: `this.IEMask.src="/myEmptyPage.html";` The process is a little trickier in the space optimized loader; but if you search the file for the `javascript:void(0)` keyword you should be able to find and change it easily enough.
Posted:	June 17, 2005

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

Helpful Cloud Computing Resources

MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

User Experience Management Indicators for Business and IT Success
Ensuring Performance Meets Business and Web User Needs

MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Demo: Google Site Search
Virtual Event: Master Essential Techniques for Leveraging the Cloud
Article: Explore Application Lifecycle Management Tools in Visual Studio 2010
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

New Security Solutions Using Intel(R) vPro(TM) Technology
All About Botnets
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES

Created: 6/17/2005
Updated: 6/17/2005
URL: http://www.hiermenuscentral.com/issues/29.html