Mixed Content Warnings in IE7 caused by JavaScript and Images

Question

I have been banging my head on the desk for several days over this issue. Basically I have a page that has a Microsoft AJAX Tab Panel and several tabs loaded within that and the container page is viewed over SSL. Well I began getting mixed content warnings (only in IE7) from the page so I ran Fiddler and there were no outbound connections being made over HTTP, all of the IFRAMES had the necessary SRC attributes, etc. I finally tracked the error down to a particular custom server control which creates several ImageButtons and sets the ImageURL to "javascript:false;". I did this under the assumption that an empty image that is set via JavaScript would work similar to an IFRAME that has an empty src attribute in that it would raise a Mixed Content warning.

In the case of the ImageButtons the opposite seems true: when the ImageURL is set to "javascript:false;" it causes the mixed content warning to be displayed whereas an empty ImageURL doesn't. My question is why does this happen? I have searched Google for an explanation but have come up empty handed.

Answer 1

I've seen something similar before and have always suspected that the culprit is about:blank being returned as the resource whenever Internet Explorer has to fallback on giving out "something". This, however, is specific to IE6

The general case can be found partially documented in the comments to a blog entry by Eric Lawrence (Eric works on Internet Explorer, wrote Fiddler and is well worth adding to your RSS reader).

Other quirks to be aware of: In IE6, we treat "about:blank" as insecure content, as well as "javascript:" and "res:". In IE7, we fixed the "about:blank" case, but we have not (yet) changed javascript and res.