Support » Plugin: WP DoNotTrack » mixed content warning on https sites

  • The actual version of the plugin inserts javascript, that results in a warning about mixed content in Chrome browsers.

    The source is the replacement of script, img and iframe sources with javascript:void(0).

    For images the solution may be the replacement of the url with “data:image/gif;base64,R0lGODlhAQABAAAAACwAAAAAAQABAAA=” (transparent gif 1×1, pixel), for script and iframe “about:blank”.

    https://wordpress.org/plugins/wp-donottrack/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Frank Goossens

    (@futtta)

    weird, didn’t know that. did you update wpdnt yourself & does this work? if you want i’ll create a github-project so you can fork & issue a pull request once done?

    frank

    Hi Frank,

    I’ve tested that with a changed donottrack-min.js file. But I can only test the img-case. The cases iframe and script were tested in plain html.

    I’ve changed line 409-413 in donottrackme.js


    if ((typeof(invocation.arguments[0].src)==='string')&&((invocation.arguments[0].tagName.toLowerCase()==='script')||(invocation.arguments[0].tagName.toLowerCase()==='img')||(invocation.arguments[0].tagName.toLowerCase()==='iframe'))&&(invocation.arguments[0].src!=='javascript:void(0)')) {
    if (sanitizer(invocation.arguments[0].src)===true) {
    invocation.arguments[0].src='javascript:void(0)';
    }
    }

    to


    if ((typeof(invocation.arguments[0].src)==='string')&&((invocation.arguments[0].tagName.toLowerCase()==='script')||(invocation.arguments[0].tagName.toLowerCase()==='iframe'))&&(invocation.arguments[0].src!=='about:blank')) {
    if (sanitizer(invocation.arguments[0].src)===true) {
    invocation.arguments[0].src='about:blank';
    }
    }
    if ((typeof(invocation.arguments[0].src)==='string')&&(invocation.arguments[0].tagName.toLowerCase()==='img')&&(invocation.arguments[0].src!=='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42‌mNgYAAAAAMAASsJTYQAAAAASUVORK5CYII=')) {
    if (sanitizer(invocation.arguments[0].src)===true) {
    invocation.arguments[0].src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42‌mNgYAAAAAMAASsJTYQAAAAASUVORK5CYII=';
    }
    }

    Example for page without change: http://www.madavi.de

    Example with changed donottrackme-min.js: http://www.ricki-z.com

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘mixed content warning on https sites’ is closed to new replies.