Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37593

TinyMCE HTML editor fails to load in Chrome on edit profile page due to https

    XMLWordPrintable

Details

    Description

      When editing user's profile with "HTTPS security" enabled, the TinyMCE editor javascript is linked with plain http link.
      That is a problem for the default display behavior in Chrome as it ignores non-https links in ssl secured pages and only shows small shield icon in url bar and that can be easily overlooked.
      This might also be a security issue in other browsers as non-secured javascript can change any part of the secured page and/or steal user data.

      Tested with 2.4.1 and https://github.com/rajeshtaneja/moodle/compare/MOODLE_24_STABLE...wip-mdl-36674-m24 patch which actually enables profile editing with "https security" enabled.

      Attachments

        Issue Links

          Activity

            People

              skodak Petr Skoda
              complicator Pavel Krejci
              Dan Poltawski Dan Poltawski
              Jason Fowler Jason Fowler
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/Mar/13