Mixed Content on HTTPS forum
-
Sometimes I’m not getting the green badge of a secure connection to https://forum.vivaldi.net/ but instead an error in the console:
Mixed Content: The page at 'https://forum.vivaldi.net/' was loaded over HTTPS, but requested an insecure image 'http://i.imgur.com/cUEMO4Q.png'. This content should also be served over HTTPS.
This happens when a forum’s last post links to an external resource, that is then teased/quoted as-is, e.g.
<div class="col-md-3 col-sm-3 teaser hidden-xs" component="topic/teaser"> <div class="card" style="border-color: #2D2D2D"> <div component="category/posts"> <p> <a href="/user/kurai"> <img class="user-img" title="kurai" alt="kurai" src="https://login.vivaldi.net/profile/avatar/Kurai/avt3Swj4Fmgmn2PV.png" title="kurai"/> </a> <a class="permalink" href="/topic/14791/историческая-сборка-vivaldi-1-8-770-9/15"> <small class="timeago" title="2017-03-05T10:59:34.601Z"></small> </a> </p> <div class="post-content"> <p>Как-то очень странно очищаются загрузки... В загрузках два видео, а остальное - картинки.</p> <p><img src="http://i.imgur.com/cUEMO4Q.png" alt="alt text" class="img-responsive img-markdown" /></p> </div> </div> </div> </div>
I think the teaser should be better sanitized.
PS: the
.user-img
image has a duplicatedtitle
attribute.