Other browsers provide an option to disable mixed/insecure content within https connections. See https://www.ssllabs.com/ssltest/viewMyClient.html --> see Mixed Content Handling Test to see more details. Reproducible: Always Steps to Reproduce: Open any https connection containing insecure http content. Actual Results: Insecure http content will be loaded. Considering this as a major bug regarding SSL/TLS security. Expected Results: Insecure content should be disabled / blocked by default. Optional: A warning should ask whether to display the insecure/mixed content. Optional: A config option could be provided to allow display of insecure content permanently. A Dangerous Mix: Large-scale analysis of mixed-content websites: http://www.securitee.org/files/mixedinc_isc2013.pdf
Thank you for reporting this bug in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version? If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!
current state: still reproducible Mixed Content Tests Images Passive Yes
A possibly relevant merge request was started @ https://invent.kde.org/network/konqueror/-/merge_requests/145
Git commit 6689f1a8f53436dbd5bcf4b5f898d5d479fd8f69 by Stefano Crocco. Committed on 29/12/2022 at 08:49. Pushed by stefanocrocco into branch 'master'. Block images with HTTP URLs from HTTPS pages M +4 -0 webenginepart/src/webengineurlrequestinterceptor.cpp https://invent.kde.org/network/konqueror/commit/6689f1a8f53436dbd5bcf4b5f898d5d479fd8f69