Mixed Content on HTTPS forum



  • Sometimes I’m not getting the green badge of a secure connection to https://forum.vivaldi.net/ but instead an error in the console:

    Mixed Content: The page at 'https://forum.vivaldi.net/' was loaded over HTTPS, but requested an insecure image 'http://i.imgur.com/cUEMO4Q.png'. This content should also be served over HTTPS.

    This happens when a forum’s last post links to an external resource, that is then teased/quoted as-is, e.g.

    		<div class="col-md-3 col-sm-3 teaser hidden-xs" component="topic/teaser">
    <div class="card" style="border-color: #2D2D2D">
    			<div component="category/posts">
    		<p>
    			<a href="/user/kurai">
    								<img class="user-img" title="kurai" alt="kurai" src="https://login.vivaldi.net/profile/avatar/Kurai/avt3Swj4Fmgmn2PV.png" title="kurai"/>
    			</a>
    			<a class="permalink" href="/topic/14791/историческая-сборка-vivaldi-1-8-770-9/15">
    				<small class="timeago" title="2017-03-05T10:59:34.601Z"></small>
    			</a>
    		</p>
    		<div class="post-content">
    			<p>Как-то очень странно очищаются загрузки... В загрузках два видео, а остальное - картинки.</p>
    <p><img src="http://i.imgur.com/cUEMO4Q.png" alt="alt text" class="img-responsive img-markdown" /></p>
    
    		</div>
    	</div>
    
    	
    </div>
    	</div>
    

    I think the teaser should be better sanitized.

    PS: the .user-img image has a duplicated title attribute.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.