Gemal's Psyched Blog - Comments on IFRAME without src attribute on HTTPS in Internet Explorer

By Chadom

Thu, 27 Jan 2005 18:49:02 +0100

It could be interesting to test with src="about:blank". Did you ?

By Henrik Gemal

Thu, 27 Jan 2005 18:55:09 +0100

I tested with both
src="about:blank" and src=""
but it didn't work

By minghong

Thu, 27 Jan 2005 20:29:04 +0100

What about "./"? Just let it nests recursively. It will only nest for 3-4 levels. Sounds better than a dummy page. :-P

By Mark Carson

Fri, 28 Jan 2005 02:37:37 +0100

According to my old but serviceable O'Reilly book ("Dynamic HTML") the src attribute is indeed optional but it also states that a Javascript protocol and pseudo-URL can be specified. I wondering if something like: src="javascript: ;"might work. I haven't tried it but it might be yet another workaround for that crappy, non-standards compliant browser.Since I've had to program web-apps for IE for years (my customer's deployed browser) I have always made a "blank.html" file for each folder. More folder cruft IMHO.

By Roger Hsu

Thu, 03 Mar 2005 17:42:08 +0100

Thanks, it really works for me.
Even better is, I realize I don't need to create a real "blank.html" file and it still works!
My code:
elmIfr = document.createElement("IFRAME"); elmIfr.src = "blank.html";
document.body.appendChild(elmIfr);

By kevin

Fri, 15 Jul 2005 21:31:40 +0100

I have this problem. However, the known resolutions do not fix mine. I do not use IFRAME. I do not use hard coded http urls, I only use relative paths for image loading etc. So, what else could be causing this darn message???? Also, it doesnt appear on Win2k with IE6 SP1, but does on Win2003 and XP with IE6 SP2

By ulf

Wed, 17 Aug 2005 11:07:39 +0100

Thank you very much for the workaround. It works for Internet Explorer Version 6. With IE 5.5 the src attribute is not needed. Declaring a non-existing page leads to an abnormal end of this browser. It shortly shows the above pop-up beforehand. I faked my iframe to be filled from index.html. Wonder what we need for IE 5.0, IE 4 etc. A pink Tamagotchi in the task bar?

By Michael

Mon, 19 Sep 2005 21:20:29 +0100

I put a blank.html to use in the code where an iFrame helps construct a dropdown menu for my site. Two problems occur;

1) The history (IE) gets corrupted so that every page calls to the blank.html file.

2) The images do not appear.

Any help would be greatly appreciated.

By Adam Edell

Thu, 22 Dec 2005 20:33:07 +0100

I'm so glad others have been going nuts over this! I've got an https page which has an IFRAME with a src set to a relative path to an aspx page. That works fine. Setting src to "javascript:" as suggested in some posts plain did NOT work. Got the mixed security content dialog anywyay. However, my elusive problem is when I change the location of the IFRAME using javascript, i get the warning when new content comes into the IFRAME... All my images have been adjusted to use https... There is NO content whatsoever that seems missing in any way... I'm using an AJAX callback function to change the location of the IFRAME, and I'll be looking into that, but other than that I'm stumped!I wish there was some way to debug the exact content that the warning is referring to!!

By albert

Thu, 23 Mar 2006 06:37:29 +0100

hi guys, i dont quite understand the solution here the problem is that my https:// doesnt go inside the frame it goes to another page but works fine..i wanted it to be inside the frame where it had a scrolls.

thank you so much i appreciate it

By Greg Camp

Thu, 11 May 2006 00:38:58 +0100

Thanks, I spent hours trying to fix this problem.

By Jeff Saunders

Tue, 23 May 2006 06:49:31 +0100

I had the same problem. My solution was src="javascript:void(0)". Works with IE and Firefox...didn't test it further.

By Eric Fedok

Tue, 06 Jun 2006 19:52:05 +0100

Thanks much! Saved me a lot of time and gave me another reason to hate Microsoft

By stpasha

Thu, 08 Jun 2006 23:26:39 +0100

In IE7 this could be fixed by src="https://about:blank", although this solution crashes IE6 :)

Also, src="javascript:void(0)" doesn't work (at least in IE6) - still the same security warning

By Balaji Krishnamurthy

Wed, 14 Jun 2006 15:52:15 +0100

In IE6 and FireFox, this could be fixed by src="spacer.gif" and put spacer.gif at your root. Once this image is cached at the browser and browser would not request this image and it should work irrespective of protocol.

By Krishnanath

Fri, 30 Jun 2006 16:30:04 +0100

As said by Michael, if we use dummy url for the src attribute like , then the IE history is corrupted and if you have more than one iframes history is a mess.. Could someone help????

By Krishnanath

Fri, 30 Jun 2006 16:33:13 +0100

src="javascript:void(0)" is working for me in IE 6 SP2

By Madhukar

Thu, 17 Aug 2006 06:37:59 +0100

I am using iframe as a Divshim. So I need an empty iframe on which div is to be inserted. src="javascript: ;" did nopt work for me. I used src="blank.html" this does work but I don't want create an blank file. So I have pointed the src to a image file which is already there in the product, src="image.jpg" . This works good. as I don't have create a new file.

By MIB

Fri, 25 Aug 2006 12:43:50 +0100

Try this: src="javascript:''" is working in IE6 SP2

By xurizaemon

Wed, 04 Oct 2006 05:54:45 +0100

javascript:false works for me (using as a div shim also) but i ended up using a blank html file (otherwise it says 'false')

void(0) - this function doesn't require arguments, yet so often i see it with a parameter of 0 ... can someone tell why this is?

what are you doing to the poor 0??

By stevef

Thu, 26 Oct 2006 18:02:57 +0100

Ah lovely ie7.0 breaks the suggested fix, it gives me the warning with src='javascript:false;'
grrrrrrrrrrrrrrrrr. Why cant it just be consitent

By Robin Bygrave

Sat, 28 Oct 2006 07:30:50 +0100

With my IE6 SP2 on WindowsXP the javascript colon single quote single quote works for me too. "javascript:''"

If this works in IE7 then perhaps this is a good solution?

By Kwooda

Tue, 05 Dec 2006 20:19:53 +0100

void() accepts any expression and simply does not return a result. 0, by itself, is a valid expression, though it could be anything - even nothing. void('hey!'), void(null), void(), etc.

Anyway, I was going to suggest the javascript:'' solution, but it looks like a couple people already have.

By Zigmond

Sun, 28 Jan 2007 17:47:36 +0100

I found the best solution to be:
src = "."

This way you always get a page - either the directory of the folder or the "not authorized" page from the server.
They you just override the document.body with your own..

By Laurens Holst

Mon, 14 Sep 2009 17:57:54 +0100

Funny that I run in to this when searching for �iframe src attribute firefox 3 crash�� :).

Funny because in Firefox 3, when you dynamically set the �src� attribute on an XHTML iframe element (parsed as XML), the browser crashes. Fixed in Firefox 3.5, but hey,

�Once again it made me realize why I hate hate hate Mozilla Firefox.�

(not really! but it is a bit of the pot calling the kettle black :))

By KJ

Wed, 13 Jan 2010 18:29:07 +0100

Many thanks to Gemel and Roger Hsu. Between your two posts I was able to figure out how to get rid of that most annoying security pop up!