Description

Valid HTML icon causes trouble.

Steps to reproduce

install your complete wiki using https
access the wiki through https
go to another page in the wiki, and so on

Every single click results in the browser saying secure and insecure items being displayed, is this ok. It is very annoying for all the users to have to go configure their browser each time. It can easily be gotten rid of by putting text instead of the w3c validator icon which is the cause.

Reporter: DeanHiller

Example

every URL in the wiki.

Details

Missing important details!

MoinMoin Version
OS and Version
Python Version
Server Setup
Server Details

Workaround

Change your configuration, either remove the w3 icon or download it and serve it locally. For details see HelpOnConfiguration.

Insert it to your wikiconfig.py to remove the w3 icon.

    page_credits = [
        '<a href="http://moinmoin.wikiwikiweb.de/">MoinMoin Powered</a>',
        '<a href="http://www.python.org/">Python Powered</a>',
        ]

Discussion

Seems like a bug in the browser, how an image can be unsafe? do you send personal data through this image ?

We can simply add the image to all themes and serve it by default locally.

-- NirSoffer 2005-02-07 10:24:52 You still have not understood the concept of issueing the warning. Please think about the reason for having SSL connections to websites.

Is this a problem with certain browser or the correct behavior according to the standards?

I have not looked into the standards. But the reason for such a warning should be obvious: "user, trust anything but the image because it's authenticity is not guaranteed by the issuer of the certificate!"

The image is now (after patch-643) local but is still a pain because of hardcoded url_prefix. It can be fixed, but thinking about this again, we don't need this image. We don't use an image for Python Powered or MoinMoin Powered, so there is no reason to use an image for the valid html link (except laziness).

If no one has a problem with it, I'm going to make it into a simple text link saying: Valid HTML 4.01. See example here: http://nirs.dyndns.org/main/

privacy

This bug is not just an annoyance, it's a significant privacy leak since it sends the url of every wikipage you browse to w3.org through the referer header. So, I'm glad it's fixed. I thought I had reported this issue some in the past, and came across this bug while trying to find out what happened with my old report. --Paul Rubin

Plan

Make the icon file local.

Priority: med
Assigned to: ThomasWaldmann
Status: fixed (replaced icon with simple text) in patch-657.

CategoryMoinMoinBugFixed CategoryRelease1.3.4

MoinMoin: MoinMoinBugs/W3IconAnnoyance (last edited 2013-06-09 14:54:23 by HSI-KBW-078-042-160-036)