[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

Ingo Chao i4chao at googlemail.com
Fri Nov 12 14:02:16 PST 2010

2010/11/12, Daniel Veditz <dveditz at mozilla.com>:
> On 11/11/10 12:06 PM, Ingo Chao wrote:
>> For https mashups, users will see always a few
>> security warnings in IE or Chrome, because a few components will be
>> delivered via http. Thats good, but I would like to know that, too.
>> The mashup should report that automatically. Hence my question
>> regarding a warning which is accessible via JS.
> What do you want to know, and what will your page do with that?
> Simply that "something" was loaded insecurely? An event that
> something was loaded insecurely so you can stop it from loading?
> Detailed knowledge of what URL was loaded insecurely and by whom
> (not likely to fly)?

An event that says 'something was loaded insecurely' would be helpful.
No need to report the URL, and no need to have the ability to prevent
the loading in the first place.

The bug reporting tool of the mashup page would inform me that the
mixed content warning event was fired. These issues have to be
investigated manually in any case.



Ingo Chao

More information about the whatwg mailing list