| <html> |
| <head><title>Page with unsafe contents</title> |
| <script> |
| var foo = null; |
| |
| function IsFooSet() { |
| return foo != null; |
| } |
| |
| function ImageWidth() { |
| return document.getElementById("bad_image").width; |
| } |
| </script> |
| <script src="https://REPLACE_WITH_HOST_AND_PORT/ssl/set_foo.js"></script> |
| </head> |
| |
| <body> |
| This page contains an image which is served over an insecure HTTPS connection...<br> |
| <img id="bad_image" src="https://REPLACE_WITH_HOST_AND_PORT/ssl/google_files/logo.gif"/> |
| |
| <br><br> |
| And an IFrame served over insecure HTTPS...<br> |
| <iframe id="bad_iframe" src="https://REPLACE_WITH_HOST_AND_PORT/ssl/bad_iframe.html?open_popup=1"/> |
| |
| <br><br> |
| And even worse, some JavaScript served over insecure HTTPS...<br> |
| |
| |
| </body> |
| </html> |