Friday, April 29, 2011

IE 8 security warning - choosing not to display unsecure items - JS still run?

Hello, I've got google conversion tracking code (small bit of javascript) on a confirmation page on my site which is displayed after user completes a transaction. It is displayed on my wordpay callback page which is pulling data from the regular site (http) to the worldpay site (https) so IE 7/8 asks

"do you want to display non-secure items?"

Clicking no removes the CSS and all other styling info but still picks up the JS (can see it in the source code of page).

What I want to know is, does the code still get executed when the user clicks "no"? Because it is displayed you would assume so?

But the source of the page still displays the CSS and image links but they arnt rendered.

From stackoverflow
  • The warning occurs when your page is loaded from https and includes items that are loaded via http. So if your Javascript comes from a non-secure source then I'd expect it to be disabled, even though it still appears in the code (heck, why shouldn't it. IE doesn't alter the DOM in that case but rather doesn't load certain external elements – that's why you still see image tags, etc. in the source even though they are not rendered).

    Cerebrus : +1 for "heck, why shouldn't it" ! ;-)
  • i've got a simillar problem... IE prompts for display of 'non-nsecure' elements... i get this for javascript and flash (loading calls javascript... direct adobe/macromedia drag&drop implementation) doesnt really bother me if ppl have to confirm the page view but some with high security settings decline it by default settings (no prompt) and that is a problem

    page is ... its a simple javascript that has a table and a radnom function taht calls and writes one row of the table... something like "the thought of the day" (added the table comments and removed somea < begginig for the code visibility...)

    script language="JavaScript" type="text/javascript"> //THE TABLE

    !-- var r_text = new Array (); r_text[0] = "OBSTAJA SAMO EN JEZIK, JEZIK SRCA. OBSTAJA SAMO ENA RELIGIJA, RELIGIJA LJUBEZNI. OBSTAJA SAMO ENA KASTA, KASTA ČLOVEŠTVA. OBSTAJA SAMO EN BOG, KI JE VSEPRISOTEN. "; r_text[1] = "Tako kot dobro preživet dan prinese srečen spanec, dobro porabljeno življenje prinese srečno smrt."; r_text[2] = "Ne moremo storiti velikih dejanj. Le mala dejanja z veliko ljubezni."; r_text[3] = "Poskrbi da dobiš, kar imaš rad, drugače boš prisiljen imeti rad, kar boš dobil."; r_text[4] = "Pogum ni odsotnost strahu, je le sodba, da je nekaj drugega pomembneje od strahu"; r_text[5] = "Izkušnja ni nekaj, kar se ti zgodi. Izkušnja je, kar narediš s tistim, kar se ti zgodi."; r_text[6] = "Vprašaj se, če te to kar delaš danes, vodi tja, kjer želiš biti jutri."; r_text[7] = "Gram časa je gram zlata. A z gramom zlata ne moremo kupiti grama časa."; r_text[8] = "Resnično srečen je človek, ki zna povsem natančno presoditi samega sebe..."; r_text[9] = "Nič več se ne odločam verjeti v stare omejitve in v pomanjkanje.";


    var i = Math.floor(0*Math.random())

    document.write(r_text[i]); //-->


Post a Comment