Menu
▾
▴
[DynAPI-notify] [ dynapi-Bugs-1254453 ] IE6 blocks scripts on My Computer and breaks things.
|
From: SourceForge.net <no...@so...> - 2005-08-09 14:39:59
|
Bugs item #1254453, was opened at 2005-08-08 15:57 Message generated for change (Comment added) made by warp9pnt9 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105757&aid=1254453&group_id=5757 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: DynAPI 3 API Group: None Status: Open Resolution: None Priority: 1 Submitted By: L W (warp9pnt9) Assigned to: L W (warp9pnt9) Summary: IE6 blocks scripts on My Computer and breaks things. Initial Comment: (app) IE6 -> (menu) Tools -> (menu item) Internet Options... -> (tab) Advanced -> (section) Security -> (checkbox - unchecked) Allow active content to run in files on My Computer Well, if this box is unchecked, then IE6 stops script execution and prompts with the Information bar (yellow, underneath location bar), which you must click (Click here for options...), and select "Allow Blocked Content...", which opens another dialog box, where you select "Yes" button. Then script execution proceeds, but something is broken at this point, because this.elm.clientWidth in dyndocument.js is null or not an object. This can probably break other things. I don't think it affects users who go to a web site. But it can be a potential problem for developers. Maybe there's some workaround? I'm not too concerned. I only use IE for testing DynAPI, so the loss of security isn't too big a deal, is it? ---------------------------------------------------------------------- >Comment By: L W (warp9pnt9) Date: 2005-08-09 10:23 Message: Logged In: YES user_id=706287 > If you click the yellow bar, you can enable scripts for the given site and only that site. Right, which is why it's low priority. But what you can NOT DO in IE6, is click that yellow bar and have it work for local files, nor specify local files that are safe. So unless you intend to click the yellow bar, click another thing, and click another thing each and every single time you open a file for the first time in each browser instance and then reload the page, then the only thing you can do is allow all of them with this setting. I mean, Microsoft will probably refuse to add an intelligent feature like that, as they've refused to add tabbed browsing. So as a tradeoff for local security, I have to enable all scripts on "My Computer", as opposed to a feature like "Scripts in Folders [x] include sub folders, or a specific list of scripts". It's arguably negligible perhaps. Someone could otherwise gain entry to the system, and maybe fiddle with the browser to load a local script which then scans all site traffic. But more likely, they'd just run windows scripting host at that point or have their own binary handle everything. I'm all for tighter scripting security, but still. Nothing replaces a good spyware and adware scanner and virus scanner and firewall and intrustion detection and an IP block list (to just avoid going to dangerous sites in the first place), and to not click on unfamiliar emails (turn off MSOE ViewPane, which auto opens all emails, on by default). IMO, the future according to MS is to make it more inconvenient to develop and innovate. :- If it's not something to address with the API, then I'll have to include something in the docs. Hmm, I need to expand the categories for the bug tracker. ---------------------------------------------------------------------- Comment By: Doug Melvin (doug_melvin) Date: 2005-08-08 23:46 Message: Logged In: YES user_id=184788 That, i'm afraid is the way of the future. To be honest, I'm glad.. I have wasted WAY to much time cleaning nasty spyware and virii from family computer imho. What's I have seen other sites do is check for IE 6 then redirect to a page with step-by-step instructions, inlcuding picures, to enable scripts for your site only. This way they can view your content, and you are not recommending they turn of a very good security feature. If you click the yellow bar, you can enable scripts for the given site and only that site. Chears ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105757&aid=1254453&group_id=5757 |
