<a href="file://C:\temp" target="_blank">C:\temp</a> does not work in IE anymore !

Dieter Salath? said the following on 11/22/04 13:51:

in our webpage, a user could open a windows explorer to his temp
directory with a simple link and usage of the file protocol:
<a href="file://C:\temp" target="_blank">C:\temp</a>
I think it should be three slashes instead of two:

<a href="file:///c:\temp" ...

... but since I don't have a M$ system anymore I can't verify that.
This worked very well a long time, but now it does not work anymore.

We use IE6 and Microsoft Windows XP Professional 2002 SP2.
I guess it doesn't work since you installed SP2, correct? It introduces
numerous problems, but I don't know the work around for it (other then
uninstalling SP2 if that's possible at all).
I guess it has something to do with new IE security features. Does
anybody know a workaround or how we can disable this IE behaviour.

You could try to change the zones for IE, but that's way out of my league.

--
Regards
Harrie

"Dieter Salath?" <sa*****@freesurf.ch> wrote in message
news:69*************************@posting.google.co m...

Hi,
in our webpage, a user could open a windows explorer to his temp
directory with a simple link and usage of the file protocol:
<a href="file://C:\temp" target="_blank">C:\temp</a>

This worked very well a long time, but now it does not work anymore.

We use IE6 and Microsoft Windows XP Professional 2002 SP2.

I guess it has something to do with new IE security features. Does
anybody know a workaround or how we can disable this IE behaviour.

If it's a question about IE configuration rather than authoring HTML, you'll
probably get a better response in an IE-related newsgroup. My HTML-related
observation is that technically the href should have three slashes after the
colon, and the backslash should also be a slash.

"Dieter Salath?" wrote in comp.infosystems.www.authoring.html:

in our webpage, a user could open a windows explorer to his temp
directory with a simple link and usage of the file protocol:
<a href="file://C:\temp" target="_blank">C:\temp</a>

This worked very well a long time,

I doubt that it ever worked. You'd need three slashes after the
file:, not two. You should also have a slash not backslash after c:,
though I believe Windows-based browsers aren't too fussy about that.

The larger issue is that you're only _guessing_ at the location of
the temp directory.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com/
HTML 4.01 spec: http://www.w3.org/TR/html401/
validator: http://validator.w3.org/
CSS 2.1 spec: http://www.w3.org/TR/CSS21/
validator: http://jigsaw.w3.org/css-validator/

Dieter Salath? wrote:

in our webpage, a user could open a windows explorer to his temp
directory with a simple link and usage of the file protocol: <a
href="file://C:\temp" target="_blank">C:\temp</a>
Exposing a security vulnerability.
This worked very well a long time
In spite of the malformed url?
but now it does not work anymore.

We use IE6 and Microsoft Windows XP Professional 2002 SP2.

I guess it has something to do with new IE security features.
Precisely so.
Does anybody know a workaround or how we can disable this IE
behaviour.

You want to reintroduce the security vulnerability? Strange request.
Well, no, I don't know how to make your users' systems more vulnerable.

--
Brian (remove "invalid" to email me)

"Harlan Messinger" <h.*********@comcast.net> wrote in message news:<30*************@uni-berlin.de>...

If it's a question about IE configuration rather than authoring HTML, you'll
probably get a better response in an IE-related newsgroup. My HTML-related
observation is that technically the href should have three slashes after the
colon, and the backslash should also be a slash.

That's actually a "URI-related" observation, not specifically
HTML-related.

If this issue is actually to be discussed in the context of authoring
for the WWW, then one needs also to consider how it works (or fails to
work) in browsers other than IE; I believe that Mozilla, for one, also
has security features that limit where you can use "file:" URIs.

--
Dan

da*@tobias.name (Daniel R. Tobias) wrote:

"Harlan Messinger" <h.*********@comcast.net> wrote in message news:<30*************@uni-berlin.de>...

If it's a question about IE configuration rather than authoring HTML, you'll
probably get a better response in an IE-related newsgroup. My HTML-related
observation is that technically the href should have three slashes after the
colon, and the backslash should also be a slash.
That's actually a "URI-related" observation, not specifically
HTML-related.

But knowing the correct value domains for HTML attributes is
HTML-related. ;-)

If this issue is actually to be discussed in the context of authoring
for the WWW, then one needs also to consider how it works (or fails to
work) in browsers other than IE; I believe that Mozilla, for one, also
has security features that limit where you can use "file:" URIs.

--
Harlan Messinger
Remove the first dot from my e-mail address.
Veuillez ôter le premier point de mon adresse de courriel.

> Exposing a security vulnerability.

Yes, thats why we did not open the file itself, but only the directory
containing the file. However windows make no difference beetween
opening a file and a directory, and in my optinon, this makes sense.

In spite of the malformed url?
Yes, browsers (IE, Firefox, Netscape) are pretty fault-tolerant in
this case. This is not the reason.
You want to reintroduce the security vulnerability? Strange request.
Well, no, I don't know how to make your users' systems more vulnerable.

The reason is the SP2 for Windows XP. SP2 has new security features,
which do not allow the file protocol anymore.

Dieter

On 23 Nov 2004 02:54:36 -0800, Dieter Salath? <sa*****@freesurf.ch> wrote:

Exposing a security vulnerability.

Yes, thats why we did not open the file itself, but only the directory
containing the file. However windows make no difference beetween
opening a file and a directory, and in my optinon, this makes sense.

In spite of the malformed url?

Yes, browsers (IE, Firefox, Netscape) are pretty fault-tolerant in
this case. This is not the reason.

You want to reintroduce the security vulnerability? Strange request.
Well, no, I don't know how to make your users' systems more vulnerable.

The reason is the SP2 for Windows XP. SP2 has new security features,
which do not allow the file protocol anymore.

Opera 7.54 also doesn't allow this, except in files loaded from your own
machine anyway. This was a change from earlier versions that did allow it.
Well, time to put everything on a proper webserver. There are several
light-weight freeware servers you can run on localhost.

--
Rijk van Geijtenbeek

The Web is a procrastination apparatus:
It can absorb as much time as is required to ensure that you
won't get any real work done. - J.Nielsen

On Tue, 23 Nov 2004, Dieter Salath? wrote:

The reason is the SP2 for Windows XP. SP2 has new security features,
which do not allow the file protocol anymore.

If that's your specific problem, then I don't know why you had to go
and exacerbate it by using defective URL syntax, and trying to open a
new window. The first rule of problem resolution is to remove
extraneous details, and focus down on the specific problem.

I'd suggest reading
http://www.microsoft.com/technet/pro...1341211tt20120
and searching for the string "file://" (without the quotes) and taking
it from there.

That was the technet article that I found when I searched for your
problem: it's entitled:

Changes to Functionality in Microsoft Windows XP Service Pack 2
Part 5: Enhanced Browsing Security

It appears that the user (or their sysadmin) can configure this. Of
course, they'd need some reason to trust you first.

Disclaimer: I haven't personally tried this. YMMV.

hth. Not really an issue that's relevant to "authoring HTML for
the WWW", by the way. A browser- or OS-oriented group might have been
more appropriate IMHO.

user must add their server into the trust zone..then they can link from html into his local HD.

This work for me.