jQuery Asual Address Plugin causing IE6 "nonsecure items" warning

Question

The title pretty much says it all. If I include the Asual Address plugin for jQuery in my project IE6 warns the user about "both secure and nonsecure items". I've stripped a page down to nothing but:

<html xmlns="http://www.w3.org/1999/xhtml">
   <head runat="server">
        <title>Title</title>
   </head>
<body>
    <script src="js/jquery.1.4.4.min.js" type="text/javascript"></script>

    <script src="js/jquery.address-1.3.min.js" type="text/javascript"></script>

</body>
</html>

Place that in a secure site and IE6 will throw the warning. I've looked in the source for the common culprit that is an iframe with an "about:blank" src tag but didn't see anything that looked like a problem.

Any help is appreciated.

Update: I've tried Fiddler to determine where the nonsecure item is coming from. The only three things listed are:

200   HTTPS   CONNECT         *websiteurl*:443
200   HTTPS   *websiteurl*    Default.aspx
200   HTTPS   *websiteurl*    /js/jquery.1.4.4.min.js
200   HTTPS   *websiteurl*    /js/jquery.address-1.3.min.js

The difference comes if I click "No" to loading the nonsecure items. I get

200   HTTPS   CONNECT         *websiteurl*:443
200   HTTPS   *websiteurl*    Default.aspx
200   HTTPS   *websiteurl*    /js/jquery.1.4.4.min.js
200   HTTPS   *websiteurl*    /js/jquery.address-1.3.min.js
400   HTTPS   *websiteurl*    pagerror.gif

I've researched the pagerror.gif, but It comes after I've told IE not to load the nonsecure items, so I'm not sure it's related to my issue.

Answer 1

Ok, I finally found it. Turns out, it was a problem with an iframe source.

For future readers: In the plugin, you'll need to give the iframe a src when it's created. javascript:false; works nicely. So, find the line that reads

 _frame = _d.createElement((frameset ? '' : 'i') + 'frame');

and change it to

_frame = _d.createElement((frameset ? '' : 'i') + 'frame');
_frame.src = 'javascript:false;';

Hope this helps someone!