Not catching all mixed content warnings - probably exiting too early
ashfame opened this issue · 0 comments
ashfame commented
Open this URL in Chrome & notice the console warnings about mixed content - https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/active-mixed-content.html
and compare that with the ones reported by the tool.
The insecure URL in the iframe is not caught. Also, if you host the HTML yourself & remove the comments for <object type="application/x-shockwave-flash" data="http://..."></object>, even that's not caught, but Chrome shows another mixed content warning.
I think we are probably exiting too early for these to be caught?
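A static baseline for cross-checking a scanner's report against the element types named in this issue, as an added example that is not part of the original issue or the tool's code. The `LOADERS` table, the function names and the `example.test` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load a subresource, and how browsers class an
# http:// load of that kind when the embedding page is https://.
LOADERS = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("object", "data"): "active", ("embed", "src"): "active",
    ("link", "href"): "active",  # counted only for rel=stylesheet, see below
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (loader_tag, attr), kind in LOADERS.items():
            url = (attrs.get(attr) or "").strip()
            if loader_tag != tag or not url.lower().startswith("http://"):
                continue
            if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
                continue
            self.findings.append((kind, tag, url))


def find_mixed_content(html):
    """Return findings for markup assumed to be served from an https:// origin."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample; hosts are placeholders. The <object> is commented out,
# as in the issue, so the parser (like a browser) does not load or report it.
SAMPLE = """
<script src="http://assets.example.test/app.js"></script>
<link rel="stylesheet" href="http://assets.example.test/site.css">
<iframe src="http://frames.example.test/widget.html"></iframe>
<!-- <object type="application/x-shockwave-flash" data="http://assets.example.test/movie.swf"></object> -->
<img src="http://assets.example.test/logo.png">
"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE):
        print(*finding)
```

This only covers loads declared in the markup; requests issued by scripts at runtime still need a real browser to observe.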