(app) IE6 -> (menu) Tools -> (menu item) Internet
Options... -> (tab) Advanced -> (section) Security ->
(checkbox - unchecked) Allow active content to run in
files on My Computer
Well, if this box is unchecked, then IE6 stops script
execution and prompts with the Information bar (yellow,
underneath location bar), which you must click (Click
here for options...), and select "Allow Blocked
Content...", which opens another dialog box, where you
select "Yes" button. Then script execution proceeds,
but something is broken at this point, because
this.elm.clientWidth in dyndocument.js is null or not
an object.
This can probably break other things. I don't think it
affects users who go to a web site. But it can be a
potential problem for developers. Maybe there's some
workaround? I'm not too concerned. I only use IE for
testing DynAPI, so the loss of security isn't too big a
deal, is it?
Logged In: YES
user_id=184788
That, i'm afraid is the way of the future.
To be honest, I'm glad.. I have wasted WAY to much time
cleaning nasty spyware and virii from family computer imho.
What's I have seen other sites do is check for IE 6 then
redirect to a page with step-by-step instructions, inlcuding
picures, to enable scripts for your site only.
This way they can view your content, and you are not
recommending they turn of a very good security feature.
If you click the yellow bar, you can enable scripts for the
given site and only that site.
Chears
Logged In: YES
user_id=706287
> If you click the yellow bar, you can enable scripts for the
given site and only that site.
Right, which is why it's low priority. But what you can NOT
DO in IE6, is click that yellow bar and have it work for
local files, nor specify local files that are safe. So
unless you intend to click the yellow bar, click another
thing, and click another thing each and every single time
you open a file for the first time in each browser instance
and then reload the page, then the only thing you can do is
allow all of them with this setting.
I mean, Microsoft will probably refuse to add an intelligent
feature like that, as they've refused to add tabbed
browsing. So as a tradeoff for local security, I have to
enable all scripts on "My Computer", as opposed to a feature
like "Scripts in Folders [x] include sub folders, or a
specific list of scripts". It's arguably negligible
perhaps. Someone could otherwise gain entry to the system,
and maybe fiddle with the browser to load a local script
which then scans all site traffic. But more likely, they'd
just run windows scripting host at that point or have their
own binary handle everything.
I'm all for tighter scripting security, but still. Nothing
replaces a good spyware and adware scanner and virus scanner
and firewall and intrustion detection and an IP block list
(to just avoid going to dangerous sites in the first place),
and to not click on unfamiliar emails (turn off MSOE
ViewPane, which auto opens all emails, on by default). IMO,
the future according to MS is to make it more inconvenient
to develop and innovate. :-\
If it's not something to address with the API, then I'll
have to include something in the docs. Hmm, I need to
expand the categories for the bug tracker.