How to resolve "SEC7111: HTTPS security is compromised by (null)" error in IE11

Oct 21, 2015

I recently encountered an issue that a webpage does not function in IE11 with exception "SEC7111: HTTPS security is compromised by (null)". It turned out it was caused by using document.write() function in the HTTPS webpage.

Symptom

An HTTPS webpage does not work in IE11 while it always works in other IE versions and error message: "SEC7111: HTTPS security is compromised by (null)" is thrown in F12 console.

Analysis

By analyzing the page script, I found that IE threw the exception from document.write() function.

After further testing, I can draw a conclusion that document.write() function does not work and throws exception: "SEC7111: HTTPS security is compromised by (null)" in any HTTPS webpage when running IE11 with document mode 9~11.

We can easily reproduce this issue by following steps.

  1. Browse https://www.google.com in IE11.
  2. Launch F12 developer toolbar and ensure the current document mode is greater than or equal to 9.

    Ensure the current document mode >= 9

  3. Execute following script in console.

    document.write('hello')
    
  4. The script fails to execute and throws exception: "SEC7111: HTTPS security is compromised by (null)"

    The script fails to execute and throws exception: "SEC7111: HTTPS security is compromised by (null)"

For the present, it is unclear whether it is a bug or not. I prefer to consider it as a bug because this issue does not occur in Chrome, Firefox, Microsoft Edge and older IEs.

Solutions

  1. Use the DOM manipulation API to control the DOM rather than document.write().
  2. Add X-UA-Compatible meta tag or HTTP response header to force IE to run with legacy document mode: 5, 7, 8.

    X-UA-Compatible meta tag:

    <html>
    <head>
        <meta http-equiv="X-UA-Compatible" content="IE=8" />
        ...
    </head>
    <body>
    </body>
    </html>
    

    X-UA-Compatible HTTP response header:

    X-UA-Compatible HTTP response header