[prev in list] [next in list] [prev in thread] [next in thread]
List: konq-bugs
Subject: [konqueror] [Bug 356371] New: missing option / default behaviour to disable mixed (insecure http) co
From: Thomas Bettler via KDE Bugzilla <bugzilla_noreply () kde ! org>
Date: 2015-12-07 19:10:40
Message-ID: bug-356371-5021 () http ! bugs ! kde ! org/
[Download RAW message or body]
https://bugs.kde.org/show_bug.cgi?id=356371
Bug ID: 356371
Summary: missing option / default behaviour to disable mixed
(insecure http) content within https sites
Product: konqueror
Version: unspecified
Platform: Gentoo Packages
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: NOR
Component: khtml part
Assignee: konq-bugs@kde.org
Reporter: thomas.bettler@gmail.com
Other browsers provide an option to disable mixed/insecure content within https
connections.
See https://www.ssllabs.com/ssltest/viewMyClient.html --> see Mixed Content
Handling Test to see more details.
Reproducible: Always
Steps to Reproduce:
Open any https connection containing insecure http content.
Actual Results:
Insecure http content will be loaded.
Considering this as a major bug regarding SSL/TLS security.
Expected Results:
Insecure content should be disabled / blocked by default.
Optional: A warning should ask whether to display the insecure/mixed content.
Optional: A config option could be provided to allow display of insecure
content permanently.
A Dangerous Mix: Large-scale analysis of mixed-content websites:
http://www.securitee.org/files/mixedinc_isc2013.pdf
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Konq-bugs mailing list
Konq-bugs@kde.org
https://mail.kde.org/mailman/listinfo/konq-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic