Re: [Xsltforms-support] In IE11 in secure mode (https) a call to document.write fails

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

although I use an old xsltforms version (r574) I have the same error
using IE10 (we are tring to support IE10 in our xsltforms web): "HTTPS
security is compromised by (null)". I think this problem still appears
in newest version.

I have no problem with IE8, Firefox and Chrome. All the web is using
https, and no http request is done.

We have the problem in two situations:
* Using asynchronous submissions. To avoid the problem I have change js
code to force synchronous request in IE10:

        isIE9 : navigator.userAgent.match(/\bMSIE\b/) &&
!navigator.userAgent.match(/\bOpera\b/) && window.addEventListener,
+       isIE10 : navigator.userAgent.match(/\bMSIE\b/) && window.FileReader,
        isIE6 : navigator.userAgent.match(/\bMSIE 6\.0/),

-------
        this.synchr = synchr;
+       //jde - Tenemos problemas con el modo asíncrono en Explorer 10,
lo hacemos siempre síncrono
+       if (XsltForms_browser.isIE10) {
+           this.synchr = true;
+       }
        this.show = show;

I don't know if it is a better way to solve this problem, it works for me.

* Using triggers to make submissions that replace form:

I have in model:

<xf:submission id="ver_detalle" method="get" validate="false()"
ref="instance('tareaSeleccionada')" replace="all"
resource="WGOLIATH/TAREAS/detalleTarea.xml">

And in view:

<xf:action ev:event="DOMActivate">
    <xf:setvalue ref="instance('tareaSeleccionada')/tareaSeleccionada"
model="datos" value="instance('tareas')/tarea
s_generadas/vct[index('lista-tareas-generadas')]/elm[1]"/>
    <xf:send submission="ver_detalle"/>
</xf:action>

Debugging code, when new html replaces old one with document.write
method, error SEC7111 appears. When using a submit control it works ok:

<xf:submit submission="enviar">
     <xf:label>Generar</xf:label>
</xf:submit>

Unfortunately, not always it is possible to use it, when some aditional
logic it is necessary.

To solve this problem, I forced to open the result in a new window. It
is not a good solution, but at least, web page is usable.

+       if (XsltForms_browser.isIE10 && this.replace === "all") {
+           this.show = "new";
+       }

Another way to solve the problem is to force IE8 compatibility using the
following:

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8"/>

But it causes not being able to use FileReader API to upload files.

Do you know any other better way to solve this problems?

Best Regards,
Javier

El 17/11/14 a las 23:24, lk...@li... escribió:
> Alain,
> I saw the MS docs on SEC7111, but in this particular case it's not
> mixed content. As a matter of fact, the error displayed does not have
> a reference to offending resource (as it should) It shows: "|HTTPS
> security is compromised by (null)"|
>
> The content that server returns, and that document.write fails on is
> <script type="text/javascript"> window.location.href="FULL URL HERE
> WITH HTTPS protocol"; </script>. We did try writing out a full HTML
> page - same results
>
> The only mention of similar problem I could find was in BIG-IP support
> forum, listing a similar
> error:https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/windows-81-ki-suppl-doc.html
> (Issue 437652)
>
> Hope this helps.
>
> --Leonid
>
> ------------------------------------------------------------------------
> *From: *"alain couthures" <ala...@ag...>
> *To: *lk...@li..., xsl...@li...
> *Sent: *Monday, November 17, 2014 2:39:15 PM
> *Subject: *Re: [Xsltforms-support] In IE11 in secure mode (https) a
> call to document.write fails
>
> Leonid,
>  
> Apparently, it might be due to mixed content HTTP/HTTPS
> (http://forums.asp.net/t/1777899.aspx?SEC7111+HTTPS+security+is+compromised).
>
>  
> What do you think?
>  
> --Alain
>
>     Le 17 novembre 2014 à 16:43, lk...@li... a écrit :
>
>     Alain,
>     As we tested our application that uses XSLTForms 1.0 RC2 we
>     discovered a really bad bug. I'm pretty sure that is a bug with
>     IE11, and not with XSLTForms, but the result is that forms
>     submissions under IE11 in HTTPS mode do not work.
>     Here is what happens. A form in the synchronous mode gets
>     submitted to the back-end, processed, and a new page is returned
>     successfully. At this time xsltforms.js executes function defined
>     on line 8120. Then, after some checks it gets to line 8178 which
>     replaces content of the form page with whatever the server
>     returned. In all browsers, except IE11 it works fine. IE11 throws
>     a security error SEC7111, and stops JavaScript processing.
>
>     I'm not sure if you can do anything about it, but thought it would
>     be a good idea to let other people know about it. We temporarily
>     added specific code to use window.open() for IE11 to bypass the
>     issue, but it is not a generic solution as we know what URL is the
>     next page.
>
>     Thanks for your work!
>
>     Leonid Kagan, CTO
>     Life Data Systems,Inc.
>     Confidentiality Note: This message is intended for use only by the
>     individual or entity to which it is addressed and may contain
>     information that is privileged, confidential, and exempt from
>     disclosure under applicable law.
>
>
>  
>
>     ------------------------------------------------------------------------------
>
>     Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>     from Actuate! Instantly Supercharge Your Business Reports and
>     Dashboards
>     with Interactivity, Sharing, Native Excel Exports, App Integration
>     & more
>     Get technology previously reserved for billion-dollar
>     corporations, FREE
>     http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk_______________________________________________
>
>     Xsltforms-support mailing list
>     Xsl...@li...
>     https://lists.sourceforge.net/lists/listinfo/xsltforms-support 
>
>
>  
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Xsltforms-support mailing list
> Xsl...@li...
> https://lists.sourceforge.net/lists/listinfo/xsltforms-support