Datepicker not linking to https jquery ui icon

[jorisde]

When using the datepicker jquery ui, the calendar icon uses the http and not https link to the calendar icon (http://jqueryui.com/resources/demos/datepicker/images/calendar.gif), leading to mixed content errors. I am using version v1.5.0.

[mdeweerd]

Up!
I activated Content-Security-Policy (CSP) which enables limiting resources to known origins only.
"http://jqueryui.com/resources/demos/datepicker/images/calendar.gif" popped up as a violation.

Not only does not use the same security level as the web page (the URI could start with "//") it is also fetching the resource from a location that is neither local neither on the CDN.

This could be fixed by relying on the CSS resource and linking to an image (as a background element) to be added to the css/img directory where we already have the "loading.gif" image. Other methods seem to be more complex with regards to CSP (Using 'data:' to insert an image from inside JavaScript may also result in security exceptions).

In the mean time I'll (try to) fix this by adding the image path to the configuration of the editable field with the date picker based on this in thecode:

      /* datepicker config */
       datepicker: {
           showOn: "button",
           buttonImage: "http://jqueryui.com/resources/demos/datepicker/images/calendar.gif",
           buttonImageOnly: true,            
           firstDay: 0,
           changeYear: true,
           changeMonth: true,
           showOtherMonths: true
       },