Bug#180846: mozilla: Incorrect "data sent over unencrypted
connection" message.
Mike Hommey
mh at glandium.org
Sat Apr 28 09:31:53 UTC 2007
On Thu, Feb 13, 2003 at 11:45:04AM +0100, Thomas Wouters <thomas at xs4all.net> wrote:
> Package: mozilla
> Version: 2:1.2.1-9
> Severity: normal
> Tags: upstream
>
> Using 'javascript:history.go(-1)' as the post-action of a form residing on a
> HTTP+SSL-retrieved page causes Mozilla (after clicking on the post button)
> to display this message:
>
> "Although this page is encrypted, the information you have entered is to be
> sent over an unencrypted connection and could easily be read by a third
> party.
>
> Are you sure you want to continue sending this information?"
>
> The entire webpage/call chain looks like this:
>
> https://example.org/login.cgi
> Form that takes loginname and password and posts to:
> https://example.org/auth.cgi
> loginname and password are considered incorrect and a form is created with
> only one input element, the submit button, with method="post" and
> action="javascript:history.go(-1);". Clicking the submit button generates
> the above mentioned warning.
>
> No unencrypted HTTP traffic had taken place in the browser, and no proxy was
> set. A simple <a href="javascript:history.go(-1)"> on the same page does not
> generate a warning, in spite of the 'warn when leaving encrypted pages'
> option being enabled, and following non-ssl http links giving a warning.
Could you check if this still applies to iceape (which replaces mozilla)
either in etch or unstable ?
Thanks
Mike
More information about the pkg-mozilla-maintainers
mailing list