Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37593

TinyMCE HTML editor fails to load in Chrome on edit profile page due to https

    Details

      Description

      When editing user's profile with "HTTPS security" enabled, the TinyMCE editor javascript is linked with plain http link.
      That is a problem for the default display behavior in Chrome as it ignores non-https links in ssl secured pages and only shows small shield icon in url bar and that can be easily overlooked.
      This might also be a security issue in other browsers as non-secured javascript can change any part of the secured page and/or steal user data.

      Tested with 2.4.1 and https://github.com/rajeshtaneja/moodle/compare/MOODLE_24_STABLE...wip-mdl-36674-m24 patch which actually enables profile editing with "https security" enabled.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    11/Mar/13