- From: Ingo Chao <i4chao@googlemail.com>
- Date: Thu, 11 Nov 2010 21:06:39 +0100
2010/11/11, timeless <timeless at gmail.com>: > On Thu, Nov 11, 2010 at 12:17 PM, Ingo Chao <i4chao at googlemail.com> wrote: >> For automated error reporting, say for a HTTPS mashup page with 3rd >> party advertisement content, I would like to have a security warning >> thrown for the mixed content situation (HTTPS mixed with HTTP >> content), accessible from JavaScript. >> >> Would that be possible to specify? > > sounds like it's asking for information disclosure. > > so offhand, i'd say "no". > > Use a web debugger (DragonFly, Firebug, ...). I use a web debugger for testing a control sample, but It does not help much until I know that every single ad is delivered via https. Usually, I don't know. For https mashups, users will see always a few security warnings in IE or Chrome, because a few components will be delivered via http. Thats good, but I would like to know that, too. The mashup should report that automatically. Hence my question regarding a warning which is accessible via JS. Thanks Ingo > -- Ingo Chao http://www.satzansatz.de/
Received on Thursday, 11 November 2010 12:06:39 UTC