IFRAME without src attribute on HTTPS in Internet Explorer
This took me quite some time to debug. Once again it made me realize why I hate hate hate Internet Explorer.
If you have a webpage on a HTTPS server with the following iframe code where you leave the src out:
and you view the page in Internet Explorer you'll get the following very descriptive warning.
Clicking on the More Info button doesn't give you which items it's referring to, but just a help file.
Mozilla Firefox correctly doesn't produce this error.
Leaving the src attribute out of the iframe is common, when you want to fill the src attribute programmatically.
The solution you ask? Create a blank.html page and then write:
<iframe id="if" src="blank.html"></iframe>
The blank.html only contains <html></html>
It could be interesting to test with src="about:blank". Did you ?Comment by Chadom at January 27, 2005 06:49 PM | Permalink
I tested with both
src="about:blank" and src=""
but it didn't work
What about "./"? Just let it nests recursively. It will only nest for 3-4 levels. Sounds better than a dummy page. :-PComment by minghong at January 27, 2005 08:29 PM | Permalink
might work. I haven't tried it but it might be yet another workaround for that crappy, non-standards compliant browser.
Since I've had to program web-apps for IE for years (my customer's deployed browser) I have always made a "blank.html" file for each folder. More folder cruft IMHO.Comment by Mark Carson at January 28, 2005 02:37 AM | Permalink
Thanks, it really works for me.
Even better is, I realize I don't need to create a real "blank.html" file and it still works!
elmIfr = document.createElement("IFRAME"); elmIfr.src = "blank.html";
I have this problem. However, the known resolutions do not fix mine. I do not use IFRAME. I do not use hard coded http urls, I only use relative paths for image loading etc. So, what else could be causing this darn message???? Also, it doesnt appear on Win2k with IE6 SP1, but does on Win2003 and XP with IE6 SP2Comment by kevin at July 15, 2005 09:31 PM | Permalink
Thank you very much for the workaround. It works for Internet Explorer Version 6. With IE 5.5 the src attribute is not needed. Declaring a non-existing page leads to an abnormal end of this browser. It shortly shows the above pop-up beforehand. I faked my iframe to be filled from index.html. Wonder what we need for IE 5.0, IE 4 etc. A pink Tamagotchi in the task bar?Comment by ulf at August 17, 2005 11:07 AM | Permalink
I put a blank.html to use in the code where an iFrame helps construct a dropdown menu for my site. Two problems occur;
1) The history (IE) gets corrupted so that every page calls to the blank.html file.
2) The images do not appear.
Any help would be greatly appreciated.Comment by Michael at September 19, 2005 09:20 PM | Permalink
I wish there was some way to debug the exact content that the warning is referring to!!Comment by Adam Edell at December 22, 2005 08:33 PM | Permalink
hi guys, i dont quite understand the solution here the problem is that my https:// doesnt go inside the frame it goes to another page but works fine..i wanted it to be inside the frame where it had a scrolls.
thank you so much i appreciate itComment by albert at March 23, 2006 06:37 AM | Permalink
Thanks, I spent hours trying to fix this problem.Comment by Greg Camp at May 11, 2006 12:38 AM | Permalink
Thanks much! Saved me a lot of time and gave me another reason to hate MicrosoftComment by Eric Fedok at June 6, 2006 07:52 PM | Permalink
In IE7 this could be fixed by src="https://about:blank", although this solution crashes IE6 :)
In IE6 and FireFox, this could be fixed by src="spacer.gif" and put spacer.gif at your root. Once this image is cached at the browser and browser would not request this image and it should work irrespective of protocol.
As said by Michael, if we use dummy url for the src attribute like , then the IE history is corrupted and if you have more than one iframes history is a mess.. Could someone help????Comment by Krishnanath at June 30, 2006 04:30 PM | Permalink
void(0) - this function doesn't require arguments, yet so often i see it with a parameter of 0 ... can someone tell why this is?
what are you doing to the poor 0??Comment by xurizaemon at October 4, 2006 05:54 AM | Permalink
grrrrrrrrrrrrrrrrr. Why cant it just be consitent
If this works in IE7 then perhaps this is a good solution?Comment by Robin Bygrave at October 28, 2006 07:30 AM | Permalink
void() accepts any expression and simply does not return a result. 0, by itself, is a valid expression, though it could be anything - even nothing. void('hey!'), void(null), void(), etc.
I found the best solution to be:
src = "."
This way you always get a page - either the directory of the folder or the "not authorized" page from the server.
They you just override the document.body with your own..
Funny that I run in to this when searching for “iframe src attribute firefox 3 crash”… :).
Funny because in Firefox 3, when you dynamically set the ‘src’ attribute on an XHTML iframe element (parsed as XML), the browser crashes. Fixed in Firefox 3.5, but hey,
“Once again it made me realize why I hate hate hate Mozilla Firefox.”
(not really! but it is a bit of the pot calling the kettle black :))Comment by Laurens Holst at September 14, 2009 05:57 PM | Permalink
Many thanks to Gemel and Roger Hsu. Between your two posts I was able to figure out how to get rid of that most annoying security pop up!Comment by KJ at January 13, 2010 06:29 PM | Permalink