Internet Explorer does not trust itself
Browser June 25th, 2007

I guess you have seen this little warning way too often while surfing with Internet Explorer:

[Image: the Internet Explorer warning dialog]
In the majority of cases you are on an encrypted website and some resources (e.g. images, CSS files or iframes, mostly filled with advertisements) are being loaded over plain, unencrypted HTTP. Naturally, such issues are easy to find and resolve: just take the better browser, Firefox, right-click the page, open Page Info, browse through the list in the Media tab and search for an address which does not start with https.
Another possibility is that some content cannot be found on the server and Internet Explorer wants to display its own 404 page. If this happens, the browser will try to display a special page from its own resources. Unfortunately, this page will be rated insecure, because it does not come via the HTTPS protocol but from the browser itself.
You can try to avoid this by building your own 404 error page. But even this can fail if the page size is too small for Internet Explorer.
Today I spent some time until I found a third reason for this box to appear. I searched for unencrypted requests and watched out for missing files with Fiddler, but I found nothing. After a while I found a hidden frame pointing to about:blank. This location, like the "file not found" event, leads Internet Explorer to display content from its chrome.
Funnily, this browser does not trust its own content and will bring up a warning.
So, if you have users with old versions of Internet Explorer, be sure not to use about:blank, the hash sign # or empty values for objects like images, iframes or others on SSL-encrypted sites.
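The checks from this post (addresses that do not start with https, plus about:blank, a bare # and empty values) can be run over a page's markup automatically. The following Python script is an added example, not code from the original post; the tag list, the function names and the sample page are assumptions made up for the illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser load something (this example's own selection).
RESOURCE_ATTRS = {"img": "src", "iframe": "src", "frame": "src", "script": "src",
                  "embed": "src", "object": "data", "link": "href"}

def classify(value):
    """Return why a resource URL can trigger the warning on an HTTPS page, or None."""
    url = (value or "").strip().lower()
    if url == "":
        return "empty value"
    if url == "#":
        return "bare #"
    if url == "about:blank":
        return "about:blank"
    if url.startswith("http://"):
        return "unencrypted HTTP"
    return None  # https://, relative and protocol-relative URLs inherit the page's scheme

class Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, tag, value, reason)

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        if tag == "link" and "stylesheet" not in (dict(attrs).get("rel") or "").lower():
            return  # skip links that are not stylesheets (e.g. rel="canonical")
        for name, value in attrs:
            if name == wanted and (reason := classify(value)):
                self.findings.append((self.getpos()[0], tag, value or "", reason))

def scan(html):
    """Parse the markup and return all risky resource references found in it."""
    scanner = Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, assumed to be served over HTTPS.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://shop.example/site.css">
<link rel="stylesheet" href="http://cdn.example/ads.css">
</head><body>
<img src="https://shop.example/logo.png">
<img src="">
<iframe src="about:blank" style="display:none"></iframe>
<iframe src="#"></iframe>
<script src="/js/app.js"></script>
<a href="http://other.example/">plain link, not a sub-resource</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, value, reason in scan(SAMPLE):
        print(f"line {line}: <{tag}> {value!r}: {reason}")
```

The scan only sees static markup; frames or images created by scripts at runtime still have to be found in the browser or with a proxy such as Fiddler.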
Update:
Today (04.09.2007) I found another example of Internet Explorer's paranoia: before navigating from an insecure location to a web page in the Trusted sites list, you have to confirm a dialog. The point is that the current location is a page from the browser's own resources! If this page has been tampered with, every security check is dispensable...