2004.07.28 01:29 PM


Not sure when this started happening (seems like it was with IE 6.0, but maybe it was with an earlier IE 5.0 patch), but if you load HTML into IE via HTTPS containing an IFRAME element having a blank src attribute, perhaps anticipating filling the src attribute programmatically, you will be barked at.

The solution is to point the IFRAME's src attribute at something that can be accessed over HTTPS, like blank.html.

Some others have suggested you can use "javascript:void(0)" to avoid the error, but I've had no luck with it.


Thank you. Either one is working just fine for me:

Windows 98/MSIE 6

Mortum | 2004.10.28 10:24 AM

Glad to hear it!

ewbi.develops | 2004.10.28 12:32 PM

sorry about previous messages:
put this line src="javascript:false;" in your iframe tag

vp70 | 2005.05.04 12:24 PM


No problem regarding the previous messages - I just removed them.

Regarding your suggestion, thanks. I'll give it a shot when faced with this issue again.

ewbi.develops | 2005.05.04 01:11 PM

Thanks a lot

bhagyesh | 2005.09.22 04:49 AM

You're welcome.

I meant to post a link over to an Ajaxian post from June that adds a little more info:


ewbi.develops | 2005.09.22 08:17 AM

As far as when this started happening, it seems it started with the version of IE that XP SP2 upgrades people to, namely 6.0.2900.2180.xpsp_sp2_gdr.050301-1519. Pre-SP2 IE (6.0.2800.1106) doesn't seem to have this issue.

xavier | 2006.03.29 08:26 AM

Xavier - Thanks for those details.

ewbi.develops | 2006.03.29 09:34 AM

very very thankssssss :)))))

ali cinar | 2006.12.18 03:47 AM

Thank you very much for this info. It's very usefull for me. Thanks from Spain

Héctor | 2007.05.14 09:17 AM

I've got more problems with this... I have a page (https) that has an IFRAME that I'm setting the src attribute to a .TIFF image - and src for the image is specified as https and located within the site root - and I STILL get the message. Has anyone else seen this or am I the only one that has this problem?

MS Iskillingme | 2007.12.07 11:02 AM

Hmm, I've never used an IFRAME to point at anything other than a full page resource (whether static or dynamic), so I'm not sure what the implications are for this. However, this post still gets a little traffic each day, so perhaps someone with some knowledge of this will stop by and comment.

Good luck!

ewbi.develops | 2007.12.07 11:32 AM

Thanks xavier, I had the same problem using "javascript:void(0);" in IE6 on Windows XP with SP2.
I've looked into the source of the YUI Library (Yahoo Library) and it uses "javascript:false;", so I figure that's the best option.

Check the YUI 2.x Source Tree: http://github.com/yui/yui2/tree
and navigate to src/container/js/Overlay.js

Jacob Coens | 2009.05.29 04:51 AM

it is better to map blank.html to iframe source
i tried with javascript:; but it worked in some systems not in some other systems with ie6.....

Sriram | 2009.08.19 04:07 AM


TrackBack URL:  https://www.typepad.com/services/trackback/6a00d8341c7bd453ef00d83431b2db53ef

Listed below are links to weblogs that reference IE, IFRAME, and HTTPS: