When a website is secured via HTTPS, the website designer must also ensure that all of the scripts used by the page will be delivered in the same secure manner as the main page itself. The same requirements also apply to the plugins and external CSS stylesheets used by the page, as these have the same considerations as JavaScript.
When this is not the case (sometimes called a “mixed script” situation), visitors to the site run the risk that attackers can interfere with the website and change the script so as to serve their own purposes.
I still don’t see it considering your image shows an http connection not https, so I wouldn’t have thought this would be an issue.
I have visited that blog and I don’t get any insecure content alert using Firefox 6.0.2 image1.
On further investigation, I see why. NoScript is blocking a weird entry http : //s image2 (and of course facebook.net). Presumably that is the site trying to switch to https?
Update, went back in and first allowed http : //s and no alert when the page reloaded. Note in the image attached it has switched the http to https in the address window.
Then allowed facebook.net and no alert when the page reloaded. However now there was an entry for facebook.com, which I also allowed and no alert when the page reloaded.
So for me I can’t replicate the insecure content message.
… okay to be clear I used an https link, and there’s nothing weird that you don’t get any alert in Firefox (I don’t either ;D ) as this is a Chrome feature (to send such popups). On the other side Firefox should also show a warning in the address bar when clicking on the site icon in the address bar, it should also tell that there are http elements (non-ssl). Strangely it doesn’t, even with NS and AB+ disabled.
This is a Chrome feature!!! … You’ll never reproduce this in FF, see my last post. And again, like I said, the message is irrelevant; non-ssl elements are frequent on https pages and don’t necessarily make the page insecure.
Yeah…the blog in Chrome will have the red line through the https indicating mixed content…
Essentially, somewhere there is something that is not https… (often, elsewhere it can be things like images.)
I hate it in IE when this happens because you get a popup that is worded back to front, and I always click the wrong button…meaning that half the stuff is missing…
David, that is your FF browser address bar when you are viewing the image. Logos’ image ends at the top of the yellow bar, which is a Chrome thing.
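
Added example, not part of any post in this thread: a small Python checker that lists the `http://` subresources an HTTPS page references, separating active content (scripts, plugins, frames, stylesheets) from passive content such as images. The function and class names, the tag list and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that load a subresource. Active content (scripts,
# plugins, frames, stylesheets) can change the page; passive content cannot.
LOADERS = {("script", "src"): "active", ("iframe", "src"): "active",
           ("embed", "src"): "active", ("object", "data"): "active",
           ("img", "src"): "passive", ("audio", "src"): "passive",
           ("video", "src"): "passive", ("source", "src"): "passive"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> loads a stylesheet only when rel contains "stylesheet"
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self._check("active", tag, attrs.get("href"))
        for name, value in attrs.items():
            if (tag, name) in LOADERS:
                self._check(LOADERS[(tag, name)], tag, value)

    def _check(self, kind, tag, value):
        if not value:
            return
        # Resolve relative and protocol-relative (//host/x) URLs against the page
        absolute = urljoin(self.page_url, value.strip())
        if urlparse(absolute).scheme == "http":
            self.findings.append((kind, tag, absolute))

def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page served over https://."""
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not the blog discussed in the thread)
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//static.example/app.js"></script>
<script src="http://widgets.example/like.js"></script>
</head><body><img src="http://img.example/logo.png"><img src="/local.png">
<a href="http://other.example/">plain link, not a subresource</a></body></html>"""
```

Calling `find_mixed_content("https://blog.example/post", SAMPLE)` reports the stylesheet and the widget script as active and the logo as passive; the protocol-relative script inherits `https` from the page and is not reported.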