Check the PopupBehavior.js in ajaxcontroltoolkit source and change the "about:blank" to "javascript:'' for the childFrame.src

I have removed the AjaxControlToolkit from my test project yet the problem persists. So I'm pretty sure it's not the "about:blank" sections in the PopupBehavior.js file that could be causing the problem.

We have removed AjaxControlToolkit completely and we are having the same problem.  Local works perfectly, but when we publish to SSL server, we get prompted for the Secure/Unsecure dialog.  If we select No, the application works, but we do not see the UpdateProgress control.  If we select Yes, iexplore.exe crashes with an unhandled exception.

 

I am experiencing this problem as well!!! It only happens in IE6 and does not happen in IE7. In my case the script manager is in a master page and the security information dialog seems to only come up on my pages that use an alwaysvisiblecontrol or an animation control. What is the plan for fixing this as it seems to have been around for a long time and is obviously VERY annoying to anyone using an application that constantly pops up the security information dialog box.

This sounds like work item 6444 which we hope to fix in the next release.

FYI: I've checked in a fix for this work item as change 15319 to the Development branch for inclusion with the next Toolkit release. Change comments:

"Avoid IE6 insecure content warning when accessing PopupBehavior-using controls (ex: DropDown, HoverMenu, PopupControl, ValidatorCallout) over an HTTPS connection. Instead of pointing the created IFRAME's src property at "about:blank", set it to "javascript:document.open();document.write('<html></html>');document.close();" instead. This has the same effect (of opening an empty page) and avoids the need for a round-trip to the server to fetch a blank page from the Toolkit's resource section."

You should be able to make the same change to your source code in order to try this out early. Please let us know if you encounter any problems with it!

After peer review, I'm updating the IE6 SSL insecure content warning fix to be even simpler. Where PopupBehavior previously assigned its IFRAME.src the value "javascript:document.open();document.write('<html></html>');document.close();" in order to display a blank page, it now uses simply "javascript:'<html></html>';".

I'm trying to apply the fix you recommended. However, when I make the fixes nothing happens. On further investigation, I'm browsing to the file directly - http://[server]/ScriptResource.axd?d=[long string] and I keep getting the same text, so the server is not sending the updated content. Any ideas?

That fix is included in the latest release of the Toolkit, 10301. Please try with that release.

Regarding why your particular script may not being updated, perhaps something went wrong when you rebuilt AjaxControlToolkit.dll or perhaps you didn't copy the new DLL to your project?