[-dev-tech-crypto] On Wed, May 18, 2011 at 6:17 AM, Jean-Marc Desperrier <[email protected]> wrote: > Brian Smith wrote: >> See https://twitter.com/#!/scarybeasts/status/69138114794360832: >> "Chrome 13 dev channel now blocks certain types of mixed content by >> default (script, CSS, plug-ins). Let me know of any significant >> breakages." >> >> See >> >> https://ie.microsoft.com/testdrive/browser/mixedcontent/assets/woodgrove.htm >> IE9: http://tinypic.com/view.php?pic=11qlnhy&s=7 >> Chrome: http://tinypic.com/view.php?pic=oa4v3n&s=7 >> >> IE9 blocks all mixed content by default, and allows the user to >> reload the page with the mixed content by pushing a button on its >> doorhanger (at the bottom of the window in IE). >> >> Notice that Chrome shows the scary crossed-out HTTPS in the address >> bar.
We tried aggressively blocking active mixed content by default in the Chrome Dev channel, but too much broke. We're going to unblock it again and try to find some middle road. Here's the bug tracking this issue: http://code.google.com/p/chromium/issues/detail?id=81637 Adam _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
