I’ve got Google conversion tracking code (small bit of JavaScript) on a confirmation page on my site which is displayed after a user completes a transaction. It is displayed on my wordpay callback page which is pulling data from the regular site (HTTP) to the worldpay site (HTTPS) so IE 7/8 asks
do you want to display non-secure items?
Clicking no removes the CSS and all other styling info but still picks up the JS (can see it in the source code of the page).
What I want to know is, does the code still gets executed when the user clicks "no"? Because it is displayed you would assume so?
But the source of the page still displays the CSS and image links but they aren’t rendered.
The warning occurs when your page is loaded from
httpsand includes items that are loaded viahttp. So if your Javascript comes from a non-secure source then I’d expect it to be disabled, even though it still appears in the code (heck, why shouldn’t it. IE doesn’t alter the DOM in that case but rather doesn’t load certain external elements – that’s why you still see image tags, etc. in the source even though they are not rendered).