Comment 1 Neil MacLeod 2007-09-12 03:12:44 UTC

I also get this on Google (wwww.google.co.uk) when using Micro-b (I've never
signed into Google on the N800).

I enter a search term (eg. "bbc") into Google, click the "Google Search" button
and I'm then prompted with the following dialog:

[Javascript Confirmation]
The information you have entered is to
be sent over an unencrypted connection
and could easily be read by a third party.
Are you sure you want to continue
sending this information?
[OK] [Cancel]

Clicking Cancel aborts the search.
Clicking OK begins the search.

If I click the first link the search page, I'm not prompted with the Javascript
dialog.

Comment 2 Neil MacLeod 2007-09-12 03:13:49 UTC

The Google URL for comment #1 should be:

http://www.google.co.uk

biesi hit this on one of my n800s when i met him in vienna.
i hit this more recently on a different n800 probably in munich.

you can see the relevant preferences if you load: 
about:config?sprefname=security.warn

the defaults for these settings are normal and neither of us could think of a
reason for the preferences to change state.

Comment 4 Neil MacLeod 2007-09-24 02:27:29 UTC

I can assure you I never manually changed any of those settings. Oddly enough,
my reproducible test case (google) is no longer showing this problem - since
filing my comment I've rebooted several times, I wonder if that reset whatever
was causing the issue? Currently my settings are:

security.warn_entering_secure = false
security.warn_entering_weak = false
security.warn_leaving_secure = false
security.warn_submit_insecure = false
security.warn_viewing_mixed = true

and I am not being prompted by searching Google.

If it happens again, I'll post my settings.

I can confirm this bug with no changes/alterations to os 2008.

I always receive the javascript confirmation dialog when sending gmail
messages, and when clicking any javascript button that sends data.

The bug does not ocurr in previous versions of th os

*** This bug has been confirmed by popular vote. ***

Comment 7 tuukka.tolvanen 2008-06-29 12:02:22 UTC

some of the preferences probably change state because

http://timeless.justdave.net/mxr-test/garage/source/browser/mozilla/trunk/microb-eal/src/gmozillaweb.c#1689
1689 g_mozilla_web_set_default_config (GMozillaWeb *self)
1696     gboolean bfval = FALSE;

bfval is used as a false constant

1699     if (!gtk_moz_embed_common_get_pref(G_TYPE_BOOLEAN,
"plugins.flashhack", &bfval))

looks like flashhack gets poked automatically while running
http://timeless.justdave.net/mxr-test/garage/search?string=plugins.flashhack

and later unconditionally

1715     gtk_moz_embed_common_set_pref(G_TYPE_BOOLEAN,
G_MOZILLA_PREF_SSR_ENABLED, &bfval);
1826     gtk_moz_embed_common_set_pref(G_TYPE_BOOLEAN,
G_MOZILLA_PREF_SECURE_ENTER, &bfval);
1829     gtk_moz_embed_common_set_pref(G_TYPE_BOOLEAN,
G_MOZILLA_PREF_SECURE_LEAVE, &bfval);
1832     gtk_moz_embed_common_set_pref(G_TYPE_BOOLEAN,
G_MOZILLA_PREF_SECURE_SUBMIT, &bfval);

Comment 8 tuukka.tolvanen 2008-06-29 12:03:25 UTC

so if plugins.flashhack were to happen to be true while hitting
g_mozilla_web_set_default_config, fun happens.