<html>
<head><title>Page with unsafe contents</title>
<script>
var foo = null;
function IsFooSet() {
return foo != null;
}
function ImageWidth() {
return document.getElementById("bad_image").width;
}
</script>
<script src="https://REPLACE_WITH_HOST_AND_PORT/ssl/set_foo.js"></script>
</head>
<body>
This page contains an image which is served over an insecure HTTPS connection...<br>
<img id="bad_image" src="https://REPLACE_WITH_HOST_AND_PORT/ssl/google_files/logo.gif"/>
<br><br>
And an IFrame served over insecure HTTPS...<br>
<iframe id="bad_iframe" src="https://REPLACE_WITH_HOST_AND_PORT/ssl/bad_iframe.html?open_popup=1"/>
<br><br>
And even worse, some JavaScript served over insecure HTTPS...<br>
</body>
</html>
Codebase Browser
chromium