Menu

#249 IE6 blocks scripts on My Computer and breaks things.

open
DynAPI 3 Docs (1)
1
2005-08-09
2005-08-08
No

(app) IE6 -> (menu) Tools -> (menu item) Internet
Options... -> (tab) Advanced -> (section) Security ->
(checkbox - unchecked) Allow active content to run in
files on My Computer

Well, if this box is unchecked, then IE6 stops script
execution and prompts with the Information bar (yellow,
underneath location bar), which you must click (Click
here for options...), and select "Allow Blocked
Content...", which opens another dialog box, where you
select "Yes" button. Then script execution proceeds,
but something is broken at this point, because
this.elm.clientWidth in dyndocument.js is null or not
an object.

This can probably break other things. I don't think it
affects users who go to a web site. But it can be a
potential problem for developers. Maybe there's some
workaround? I'm not too concerned. I only use IE for
testing DynAPI, so the loss of security isn't too big a
deal, is it?

Discussion

  • Doug Melvin

    Doug Melvin - 2005-08-09

    Logged In: YES
    user_id=184788

    That, i'm afraid is the way of the future.
    To be honest, I'm glad.. I have wasted WAY to much time
    cleaning nasty spyware and virii from family computer imho.

    What's I have seen other sites do is check for IE 6 then
    redirect to a page with step-by-step instructions, inlcuding
    picures, to enable scripts for your site only.

    This way they can view your content, and you are not
    recommending they turn of a very good security feature.

    If you click the yellow bar, you can enable scripts for the
    given site and only that site.

    Chears

     

  • - 2005-08-09

    Logged In: YES
    user_id=706287

    > If you click the yellow bar, you can enable scripts for the
    given site and only that site.

    Right, which is why it's low priority. But what you can NOT
    DO in IE6, is click that yellow bar and have it work for
    local files, nor specify local files that are safe. So
    unless you intend to click the yellow bar, click another
    thing, and click another thing each and every single time
    you open a file for the first time in each browser instance
    and then reload the page, then the only thing you can do is
    allow all of them with this setting.

    I mean, Microsoft will probably refuse to add an intelligent
    feature like that, as they've refused to add tabbed
    browsing. So as a tradeoff for local security, I have to
    enable all scripts on "My Computer", as opposed to a feature
    like "Scripts in Folders [x] include sub folders, or a
    specific list of scripts". It's arguably negligible
    perhaps. Someone could otherwise gain entry to the system,
    and maybe fiddle with the browser to load a local script
    which then scans all site traffic. But more likely, they'd
    just run windows scripting host at that point or have their
    own binary handle everything.

    I'm all for tighter scripting security, but still. Nothing
    replaces a good spyware and adware scanner and virus scanner
    and firewall and intrustion detection and an IP block list
    (to just avoid going to dangerous sites in the first place),
    and to not click on unfamiliar emails (turn off MSOE
    ViewPane, which auto opens all emails, on by default). IMO,
    the future according to MS is to make it more inconvenient
    to develop and innovate. :-\

    If it's not something to address with the API, then I'll
    have to include something in the docs. Hmm, I need to
    expand the categories for the bug tracker.

     

  • - 2005-08-09
    • labels: 541438 --> DynAPI 3 Docs
     

Log in to post a comment.