Bug#180846: mozilla: Incorrect "data sent over unencrypted connection" message.

Mike Hommey mh at glandium.org
Sat Apr 28 09:31:53 UTC 2007

On Thu, Feb 13, 2003 at 11:45:04AM +0100, Thomas Wouters <thomas at xs4all.net> wrote:
> Package: mozilla
> Version: 2:1.2.1-9
> Severity: normal
> Tags: upstream
> Using 'javascript:history.go(-1)' as the post-action of a form residing on a
> HTTP+SSL-retrieved page causes Mozilla (after clicking on the post button)
> to display this message:
> "Although this page is encrypted, the information you have entered is to be
> sent over an unencrypted connection and could easily be read by a third
> party.
> Are you sure you want to continue sending this information?"
> The entire webpage/call chain looks like this:
> https://example.org/login.cgi
>   Form that takes loginname and password and posts to:
> https://example.org/auth.cgi
>   loginname and password are considered incorrect and a form is created with
>   only one input element, the submit button, with method="post" and
>   action="javascript:history.go(-1);". Clicking the submit button generates
>   the above mentioned warning.
> No unencrypted HTTP traffic had taken place in the browser, and no proxy was
> set. A simple <a href="javascript:history.go(-1)"> on the same page does not
> generate a warning, in spite of the 'warn when leaving encrypted pages'
> option being enabled, and following non-ssl http links giving a warning.

Could you check if this still applies to iceape (which replaces mozilla)
either in etch or unstable ?



More information about the pkg-mozilla-maintainers mailing list