Nick Mudge Ignition Software Consulting & Development

I recently had a problem with a web page created using the Wicket 6 web framework. A button that uploads a file didn't work. When pressed the button didn't do anything.

I investigated the problem and found that the button was using an AJAX function from wicket-ajax-jquery.js. But it wasn't actually AJAX. The call used a hidden iframe to send the multipart form data of the file being uploaded.

Apparently regular AJAX calls cannot be used with HTML 4 to send multipart form data which is required when uploading files. So wicket-ajax-jquery.js simulates AJAX by using a hidden iframe to submit a form.

The problem is that the src attribute on the hidden iframe is set to "about:blank". This right here causes the before mentioned button to not work when IE8's Internet zone security level is set to High. Internet Explorer may give a popup explaining that "about:blank" needs to be added to the list of Trusted sites, or it might not. The indication of what the problem is isn't necessarily clear. In testing on two computers the popup occurs the first time it happens but not after that. On another computer the popup doesn't occur at all.

I don't know if this is a problem with other versions of IE or not.

The solutions I have for this are for users to change their Internet zone security setting to lower than High, or add "about:blank" to their list of Trusted sites, or for the developer making the webpage to use a regular form submission instead of using a simulated AJAX call that uses an iframe.

I wrote this blog post as an experiment because I was surprised that I could not find this problem at all by searching for it with google. Either other people don't have this problem or people do have this problem but it hasn't been written about. I'm curious if much people will find this blog post now that I've written about it.