Re: [Xsltforms-support] In IE11 in secure mode (https) a call to document.write fails
Brought to you by:
alain-couthures
From: Javier D. <jd...@tc...> - 2015-03-04 18:02:50
|
Hello, although I use an old xsltforms version (r574) I have the same error using IE10 (we are tring to support IE10 in our xsltforms web): "HTTPS security is compromised by (null)". I think this problem still appears in newest version. I have no problem with IE8, Firefox and Chrome. All the web is using https, and no http request is done. We have the problem in two situations: * Using asynchronous submissions. To avoid the problem I have change js code to force synchronous request in IE10: isIE9 : navigator.userAgent.match(/\bMSIE\b/) && !navigator.userAgent.match(/\bOpera\b/) && window.addEventListener, + isIE10 : navigator.userAgent.match(/\bMSIE\b/) && window.FileReader, isIE6 : navigator.userAgent.match(/\bMSIE 6\.0/), ------- this.synchr = synchr; + //jde - Tenemos problemas con el modo asíncrono en Explorer 10, lo hacemos siempre síncrono + if (XsltForms_browser.isIE10) { + this.synchr = true; + } this.show = show; I don't know if it is a better way to solve this problem, it works for me. * Using triggers to make submissions that replace form: I have in model: <xf:submission id="ver_detalle" method="get" validate="false()" ref="instance('tareaSeleccionada')" replace="all" resource="WGOLIATH/TAREAS/detalleTarea.xml"> And in view: <xf:action ev:event="DOMActivate"> <xf:setvalue ref="instance('tareaSeleccionada')/tareaSeleccionada" model="datos" value="instance('tareas')/tarea s_generadas/vct[index('lista-tareas-generadas')]/elm[1]"/> <xf:send submission="ver_detalle"/> </xf:action> Debugging code, when new html replaces old one with document.write method, error SEC7111 appears. When using a submit control it works ok: <xf:submit submission="enviar"> <xf:label>Generar</xf:label> </xf:submit> Unfortunately, not always it is possible to use it, when some aditional logic it is necessary. To solve this problem, I forced to open the result in a new window. It is not a good solution, but at least, web page is usable. + if (XsltForms_browser.isIE10 && this.replace === "all") { + this.show = "new"; + } Another way to solve the problem is to force IE8 compatibility using the following: <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8"/> But it causes not being able to use FileReader API to upload files. Do you know any other better way to solve this problems? Best Regards, Javier El 17/11/14 a las 23:24, lk...@li... escribió: > Alain, > I saw the MS docs on SEC7111, but in this particular case it's not > mixed content. As a matter of fact, the error displayed does not have > a reference to offending resource (as it should) It shows: "|HTTPS > security is compromised by (null)"| > > The content that server returns, and that document.write fails on is > <script type="text/javascript"> window.location.href="FULL URL HERE > WITH HTTPS protocol"; </script>. We did try writing out a full HTML > page - same results > > The only mention of similar problem I could find was in BIG-IP support > forum, listing a similar > error:https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/windows-81-ki-suppl-doc.html > (Issue 437652) > > Hope this helps. > > --Leonid > > ------------------------------------------------------------------------ > *From: *"alain couthures" <ala...@ag...> > *To: *lk...@li..., xsl...@li... > *Sent: *Monday, November 17, 2014 2:39:15 PM > *Subject: *Re: [Xsltforms-support] In IE11 in secure mode (https) a > call to document.write fails > > Leonid, > > Apparently, it might be due to mixed content HTTP/HTTPS > (http://forums.asp.net/t/1777899.aspx?SEC7111+HTTPS+security+is+compromised). > > > What do you think? > > --Alain > > Le 17 novembre 2014 à 16:43, lk...@li... a écrit : > > Alain, > As we tested our application that uses XSLTForms 1.0 RC2 we > discovered a really bad bug. I'm pretty sure that is a bug with > IE11, and not with XSLTForms, but the result is that forms > submissions under IE11 in HTTPS mode do not work. > Here is what happens. A form in the synchronous mode gets > submitted to the back-end, processed, and a new page is returned > successfully. At this time xsltforms.js executes function defined > on line 8120. Then, after some checks it gets to line 8178 which > replaces content of the form page with whatever the server > returned. In all browsers, except IE11 it works fine. IE11 throws > a security error SEC7111, and stops JavaScript processing. > > I'm not sure if you can do anything about it, but thought it would > be a good idea to let other people know about it. We temporarily > added specific code to use window.open() for IE11 to bypass the > issue, but it is not a generic solution as we know what URL is the > next page. > > Thanks for your work! > > Leonid Kagan, CTO > Life Data Systems,Inc. > Confidentiality Note: This message is intended for use only by the > individual or entity to which it is addressed and may contain > information that is privileged, confidential, and exempt from > disclosure under applicable law. > > > > > ------------------------------------------------------------------------------ > > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration > & more > Get technology previously reserved for billion-dollar > corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk_______________________________________________ > > Xsltforms-support mailing list > Xsl...@li... > https://lists.sourceforge.net/lists/listinfo/xsltforms-support > > > > > > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & more > Get technology previously reserved for billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk > > > _______________________________________________ > Xsltforms-support mailing list > Xsl...@li... > https://lists.sourceforge.net/lists/listinfo/xsltforms-support |