Page Containing Non-Secure Item?

At work, the web application that I've been developing has always had this problem over a secure SSL link. On certain pages, before the document is fully loaded, a dialog box will popup telling me that "This page contains non-secure items, would you like to display those items?". Whether I choose 'Yes' or 'No' does not really make a difference, and the application can still be executed perfectly. However, this dialog box is really annoying to the point that many people in the office has turned off this checking in their Internet Explorer preferences.

Dialog Box

We have been digging through all our code to see whether we have explicitly refer to an URL using the 'http' protocol, instead of leaving it relative. However, the search has not been successful and all our code shows that we are using the URL's correctly. This is getting even more annoying today as some of my new Javascript widgets will popup this message when they are in operation. Right click somewhere to bring up a context menu - BANG! There is that annoying dialog box asking you to confirm. So I decided that I must go and figure out what actually caused this problem.

Searching through trusted Google does not yield many useful result. Actually a lot of sites on the first result page actually state the same problem. They tell their custom to simply ignore the dialog box when they are using the application. It is not right! That's avoiding the problem! Until I hit this page on the DevShed.com...

It does not present a clear answer, but I think I found the solution on here.

Make Sure You Have SRC Attribute In Your IFRAME!

We have quite a few IFRAME tags in our code, either pre-generated or appended to the document using DOM. Many of them are pointing to a relative URL when they are created, however, some of them are just created as hidden place holders. They are used in DHTML to replace some DIV code because DIV does hover well above the editing widgets. They are created without a SRC attribute, because their documents are created on the fly! Because the document does not have an URL, Internet Explorer gets confused and thus yield a warning on displaying non-secure items.

It ends up as an easy fix - just create thus IFRAME's with SRC pointing to a dummy page using a relative URL.