about:blank causing This page contains both secure and nonsecure items warning message
In previous my previous article, This page contains both secure and nonsecure items, i described how I debugged and rectified the warning message pop-up
problem while accessing a secure site. Unfortunately the warning message did not go away after that fix. I ran the offending pages through Fiddler
and did not find any missing resources or any reference to a resource that was not under secure site. Since I was getting the warning message,
this means site is accessing some resource outside of it.
I did some more research and found out that in certain situations,
IFRAME can be another cause of this error. So I looked at the
page and saw that it was using
IFRAME at one location on the page. I looked at
src attribute of it to see where
it was pointing to, and saw there is no target page for this
IFRAME. Then i started research on behavior of IFRAME. I found out that
if you do not specify
src attribute for
IFRAME, brwoser uses inbuilt
about:blank resource to display
IFRAME with blank content. And this blank content page comes from browser's resources on client computer where browser is running and definitely
is not under secure site access. That explains pretty much everything why I was getting that warning dialog box. I will explain
how about:blank gets pulled into browser and where it lives.
First question that comes to mind is, how does browser know where to look for page content corresponding to
reference in your page. about:blank is one of the special URIs that browsers use internally to display special content,
diagnostics or other kind of information. Look in HKLM/Software/Microsoft/Internet Explorer/AboutURLs registry key and
you will find your answer. There is a resource named blank.htm in mshtml.dll that contains the content to display
when you refer to about:blank on your page. You can try it your self by entering url res://mshtml.dll/blank.htm and
you will get blank page. Right click on the page to view source and you will see how much content is there.
If you are site is using secure access (SSL/HTTPS) and you have frames on the pages, then make sure that you do specify
a valid secure URL for
src attribute. If you want to point to blank content for these frames, then create a
blank page in your site itself and then point these frames to that location.