htmlarea beta 3 and IE SSL “nonsecure items” altert

Apr 14th, 2005   2:19 am

If you’re using the sort-of discontinued HTMLArea v3 beta from within an https/SSL URL, then you’ll probably have come across Internet Explorer popping up an alert saying there is a mix of secure and nonsecure items. Well the problem is that IE doesn’t like IFRAME tags with no src attribute set, when in an SSL environment. Whilst Googling on this problem, I got the impression that this is a known issue.

So, to get rid of the annoyance, you could reduce the security setting in IE’s options, but that’s not ideal. Instead you can modify HTMLArea’s source. Edit htmlarea.js and look for the line var iframe = document.createElement("iframe");. Right after that line you need to set its source, temporarily, at least, as the rest of the HTMLArea initialising will repopulate the IFRAME. You can do this by adding the line iframe.src = "blank.html";. I’ve used a variable which can be set in the calling page, to make it a bit more modular. Don’t forget that the URL you do specify is relative to the calling page’s URL, and not the base_url configured for HTMLArea.

Finally, there’s some hope that HTMLArea will be continued. Check out the HTMLArea homepage where they’ve said Interactive Tools have pulled the plug, but they still intend on bringing v3 to fruition.