Results 1 to 8 of 8

Thread: [CLOSED] [1.x] Secure/unsecure (mixed) content warning in IE

  1. #1
    Sencha User
    Join Date
    Jan 2009
    Posts
    23

    Exclamation [CLOSED] [1.x] Secure/unsecure (mixed) content warning in IE

    Hi,

    we are using ExtGwt for several months now (including building own layouts/components) and testing on IE reveals again and again the secure/unsecure content warning in IE when serving via HTTPS.

    Enabling the warning in Firefox never shows such a warning - and neither IE developer tools nor Yslow show any HTTP requests for unsecure URLs. So this must have to do with either undefined URLs (or bad ones like 'about:blank') for IFRAME elements (or similar) or it could have to do with a strange IE bug that is partially reported in http://support.microsoft.com/kb/925014 which is referenced in http://extjs.com/forum/showthread.php?t=23501&page=2.

    I guess that the problems that occur in our applications could have to do with the latter. Unfortunately I cannot provide a simple example where it occurs reliably. Though it looks as if it always occurs together with the tree component.

    But I can provide an update to the IMHO wrong MS support entry! MS claims that the usage of removeChild() causes the problem - but I couldn't reproduce that. The problem that is described in the ExtJS forum and a look at the (current ExtJS 2.0 code) reveals that the problem appears only (in IE6 and IE7) if the following situation occurs:

    • An element e exists with a style attribute that defines a background image url.
    • This element e is appended to a node that is not part of the document DOM (it is created but not appended to the body or any other deeper element).
    • The node (or a parent node...) is removed by either calling e.parentNode.removeChild(e) or by e.parentNode.innerHTML=" ".

    The important thing is that the element must not be part of the document DOM!

    Well, and that is exactly what ExtJS does to remove a node:

    Code:
            removeNode : isIE ? function(){ 
                var d; 
                return function(n){ 
                    if(n && n.tagName != 'BODY'){ 
                        d = d || document.createElement('div'); 
                        d.appendChild(n); 
                        d.innerHTML = ''; 
                    } 
                } 
            }() : function(n){ 
                if(n && n.parentNode && n.tagName != 'BODY'){ 
                    n.parentNode.removeChild(n); 
                } 
            },
    I suspect that ExtGwt does the same in some cases.
    Could a developer verify or disagree?

    Does anynbody experience the same issues?

    A similar problem was fixed in 1.0 RC2 (as of the release notes). What exactly was the problem at that time?

    We would be very very glad to get some help on this topic because currently we treat it as a serious problem for our application.

    Thanks a lot,
    Stefan

  2. #2
    Sencha User
    Join Date
    Jan 2009
    Posts
    23

    Default

    Hi again,

    it looks as if no one else is experiencing this problem?

    Support team, could you help us with the two questions:

    • Is there a similar JavaScript code to remove a node in IE in ExtGwt? Where?
    • What exactly was the problem that was fixed in 1.0 RC2 that dealt with this warning?

    Regards,
    Stefan

  3. #3
    Sencha Premium Member
    Join Date
    Sep 2007
    Posts
    13,976

    Default

    GXT uses the GWT DOM functionality. GXT isnt removing it with own methods. So no, there is no similar javascript code.

  4. #4
    Sencha User
    Join Date
    Jan 2009
    Posts
    23

    Default

    Thank you, Sven!

    So what was the problem "Mixed content warning in IE https" that was fixed in 1.0 RC2?

    Regards,
    Stefan

    PS: We are trying to create a simple example with ExtGwt components where the problem occurs...

  5. #5
    Sencha User
    Join Date
    Jan 2009
    Posts
    23

    Default Problem found

    Hi again,

    we finally found the reason!

    The problem is actually based on the IE bug described in the initial post (removing a document-less node that has a background-image defined via inline style) and occurs when a tree icon is set via a path to an image instead of a CSS class (com.extjs.gxt.ui.client.widget.tree.TreeItem.setIconStyle(String s)).

    When such a tree is used with HTTPS the problem occurs if the tree contains collapsed nodes (during rendering) - or something similar (we didn't sort that out in detail).

    So we recommend using CSS class names instead of image paths for defining icons (which is anyway the better approach from CSS customization point-of-view)!

    Regards,
    Stefan

  6. #6
    Sencha Premium Member
    Join Date
    Sep 2007
    Posts
    13,976

    Default

    Great that you figured it out.

  7. #7
    Ext User
    Join Date
    Apr 2007
    Posts
    226

    Default Can you pls. describe what changes do I need to do in order to solve this?

    Hi Stefan,

    I have the same problem.
    I create a normal tree, and receive the secure content warning.
    Can you pls. describe what changes do I need to do in order to solve this?

    Thanks,
    Maya
    Maya Lincoln
    www.processgene.com

  8. #8
    Sencha User
    Join Date
    Jan 2009
    Posts
    23

    Default

    Hi Maya,

    the problem was caused by the fact that we controlled the icons for each tree item using the CSS style attribute (treeItem.getElement().getStyle().setProperty("backgroundUrl", "images/myicon.png" - or a similar technology) instead of using
    treeItem.setIconStyle("my-icon") with a CSS definition like:

    .my-icon {
    background-image: url('images/myicon.png');
    }

    Hope that helps,
    Stefan

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •