Most web browsers show a lock and/or change the address bar to indicate that an https site has been connected to via TLS. konqueror shows (afaict) a green shield with a check-mark. Fair enough. But other browsers also indicate a "broken lock" or something similar when an https page sources plain http content (e.g. in an img, stylesheet, or script). This is to indicate to the user (who can't tell which pieces of content are served over encrypted channels and which ones are exposed in transit) that the rendered page is not entirely confidential communication. Konqueror does not display this state to the user, so konqueror users are vulnerable to data being sent in the clear without their knowledge. This bug was reported on the Debian bug tracker system: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580420 Reproducible: Always
It would greatly help if the reporter provided an example URL where we can test this. We most definitely have an icon that can indicate partially encrypted sites, but I know for a fact that kwebkitpart does not do that because it would involve checking all the URLs in a page. If we have an example site, we can see how the other browsers behave and learn how they deal with such pages and perhaps come up with solution that will work for Konqueror.
Hi, Firefox indicates that this page is partially encrypt : https://grezilleenvironnementnature.wordpress.com I also created a test page on my personnal server : https://adrieng.homeip.net/~adrien/test_307221.html It is a sample HTML page, with an image from wikipedia. However, the certificate is self-signed, as it is my personnal server. Please tell me if you need other example. Regards, Adrien