https://bugs.kde.org/show_bug.cgi?id=356371

            Bug ID: 356371
           Summary: missing option / default behaviour to disable mixed
                    (insecure http) content within https sites
           Product: konqueror
           Version: unspecified
          Platform: Gentoo Packages
                OS: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: NOR
         Component: khtml part
          Assignee: konq-b...@kde.org
          Reporter: thomas.bett...@gmail.com

Other browsers provide an option to disable mixed/insecure content within https
connections.
See the Mixed Content Handling Test at
https://www.ssllabs.com/ssltest/viewMyClient.html for more details.

Reproducible: Always

Steps to Reproduce:
Open any https connection containing insecure http content.

Actual Results:
Insecure http content will be loaded.
I consider this a major bug regarding SSL/TLS security.

Expected Results:  
Insecure content should be disabled / blocked by default.
Optional: A warning should ask whether to display the insecure/mixed content.
Optional: A config option could be provided to allow display of insecure
content permanently.

A Dangerous Mix: Large-scale analysis of mixed-content websites:
http://www.securitee.org/files/mixedinc_isc2013.pdf
