Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37593

TinyMCE HTML editor fails to load in Chrome on edit profile page due to https

    XMLWordPrintable

    Details

      Description

      When editing user's profile with "HTTPS security" enabled, the TinyMCE editor javascript is linked with plain http link.
      That is a problem for the default display behavior in Chrome as it ignores non-https links in ssl secured pages and only shows small shield icon in url bar and that can be easily overlooked.
      This might also be a security issue in other browsers as non-secured javascript can change any part of the secured page and/or steal user data.

      Tested with 2.4.1 and https://github.com/rajeshtaneja/moodle/compare/MOODLE_24_STABLE...wip-mdl-36674-m24 patch which actually enables profile editing with "https security" enabled.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              complicator Pavel Krejci
              Integrator:
              Dan Poltawski
              Tester:
              Jason Fowler
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/Mar/13