Hi,
I have been tryin to run free dhtml code from a web page. The web page
is: http://dynamicdrive.com/dynamicindex14/pixelate.htm
When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.
I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?
Bizt 6  1523 
<bi******@yahoo .co.uk> wrote in message
news:11******** **************@ g14g2000cwa.goo glegroups.com.. . Hi,
I have been tryin to run free dhtml code from a web page. The web page
is:
http://dynamicdrive.com/dynamicindex14/pixelate.htm
When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.
I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?
Because thatone is loaded from the web.
Pages loaded from local disk will have JS blocked. To remedy this, Google
for "Mark of the web".
--
Dag.
Some details on IE Disinformation Bar woes are described here: http://groups-beta.google.com/group/...1bd2b25f2a2948
Csaba Gabor from Vienna bi******@yahoo. co.uk wrote: Hi,
I have been tryin to run free dhtml code from a web page. The web page
is:
http://dynamicdrive.com/dynamicindex14/pixelate.htm
When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.
I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?
Bizt
The specific "problem" he is having can be "fixed" using a Mark of the
Web to place the local document in the Internet zone:
<url: http://msdn.microsoft.com/workshop/a...rview/motw.asp
/>
<-- saved from url=(0014)about :internet -->
No code that can access the local file system can run when a Mark of the
Web is used, but if there were code that could access the local file
system and it is allowed to run, then the information bar is entirely
correct, there would be script that could be potentially harmful and so
it should require explicit user action to execute.
....Grant
"Csaba Gabor" <cs***@z6.com > wrote in message
news:HK******** ***********@new s.chello.at... Some details on IE Disinformation Bar woes are described here:
http://groups-beta.google.com/group/...1bd2b25f2a2948
Csaba Gabor from Vienna
bi******@yahoo. co.uk wrote: Hi,
I have been tryin to run free dhtml code from a web page. The web
page
is:
http://dynamicdrive.com/dynamicindex14/pixelate.htm
When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on
my
desktop, created from code from the above url, SP2 bar kicks in at
the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access
your
computer'.
I know that this can be configured to not display but I want to use
it
for a web page and not have it appear. Why does it not appear on the
above url?
Bizt
In this case the OP does not seem to be appealing to this
group as a developer so that should be the end of it.
However, as I discussed in my posts, referenced below, this
"security mechanism" really isn't. Any author who wants to
have that mechanism bypassed is simply going to add that
into hir original web page, you don't even need to get the
size right - Zero security has been gained, and I argue
that some has been lost.
If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievably burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>
As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.
Csaba Gabor from Vienna
Grant Wagner wrote: The specific "problem" he is having can be "fixed" using a Mark of the
Web to place the local document in the Internet zone:
<url: http://msdn.microsoft.com/workshop/a...rview/motw.asp
/>
<-- saved from url=(0014)about :internet -->
No code that can access the local file system can run when a Mark of the
Web is used, but if there were code that could access the local file
system and it is allowed to run, then the information bar is entirely
correct, there would be script that could be potentially harmful and so
it should require explicit user action to execute.
...Grant
"Csaba Gabor" <cs***@z6.com > wrote in message
news:HK******** ***********@new s.chello.at...
Some details on IE Disinformation Bar woes are described here:
http://groups-beta.google.com/group/...1bd2b25f2a2948
Csaba Gabor from Vienna
bi******@yaho o.co.uk wrote:
Hi,
I have been tryin to run free dhtml code from a web page. The web
page
is:
http://dynamicdrive.com/dynamicindex14/pixelate.htm
When I load the page above it opens as normal and the slide show
automaticall y runs but when I open my own page that I have saved on
my
desktop, created from code from the above url, SP2 bar kicks in at
the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access
your
computer'.
"Csaba Gabor" <cs***@z6.com > wrote in message
news:TR******** *******@news.ch ello.at... In this case the OP does not seem to be appealing to this
group as a developer so that should be the end of it.
However, as I discussed in my posts, referenced below, this
"security mechanism" really isn't. Any author who wants to
have that mechanism bypassed is simply going to add that
into hir original web page, you don't even need to get the
size right - Zero security has been gained, and I argue
that some has been lost.
You seem to misunderstand what Mark of the Web does, and what it means.
A script loaded from a local hard disk has unlimited security (it can
access the local file system for example). This is why any HTML document
that is loaded into the Web browser from the local disk requires the
user agree to not one, but two warnings that the script can take
malicious actions.
A script loaded from a local hard disk with the Mark of the Web has the
same permissions as an HTML document loaded from the Internet zone (as a
result, it can _not_ access the local file system for example). This is
why a page loaded from the local hard disk with the Mark of the Web does
not result in a prompt, the script can not do anything that a script
loaded from the Internet can not do (barring any unpredicted security
vulnerabilities ).
If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievably burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>
<base href=...> does not do the same thing.
As outlined above, the Mark of the Web actually changes the security
zone in which the script executes.
As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.
The developer would not lose a day if they have familiarized themselves
with the changes to Service Pack 2 made to Internet Explorer.
However, the security mechanism is not intended to protect just the Web
developer, it is intended to protect all users of Internet Explorer. It
is simple enough (using provided Microsoft documentation) to write and
test scripts from the local hard disk in Internet Explorer without being
prompted. And I would argue that you should not be testing your Web
pages loaded from a local hard disk anyway, you should be running your
own Web server to most closely mimic the environment in which your pages
will be loading.
--
Grant Wagner <gw*****@agrico reunited.com>
comp.lang.javas cript FAQ - http://jibbering.com/faq
Grant Wagner wrote: "Csaba Gabor" <cs***@z6.com > wrote in message
news:TR******** *******@news.ch ello.at...
First of all, I just want to be clear that my vent was not in the
slightest way directed towards you. I just happened to recollect
the frustrations I experienced upon installing service pack 2.
You seem to misunderstand what Mark of the Web does, and what it means.
Evidently. And glad you took the time to write. I always like to
get my misunderstandin gs cleared up.
A script loaded from a local hard disk has unlimited security (it can
access the local file system for example). This is why any HTML document
that is loaded into the Web browser from the local disk requires the
user agree to not one, but two warnings that the script can take
malicious actions.
A script loaded from a local hard disk with the Mark of the Web has the
same permissions as an HTML document loaded from the Internet zone (as a
result, it can _not_ access the local file system for example). This is
why a page loaded from the local hard disk with the Mark of the Web does
not result in a prompt, the script can not do anything that a script
loaded from the Internet can not do (barring any unpredicted security
vulnerabilities ).
I thought that .hta files were the ones that had unlimited access
and that is why they had a different suffix so that there should
be no mixup between pages that had limited vs. unlimited access.
If .htm pages have apriori (that is until SP2) unlimited access
then what is the effective distinction between .hta and .htm
(pre service pack 2)?
If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievabl y burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>
<base href=...> does not do the same thing.
As outlined above, the Mark of the Web actually changes the security
zone in which the script executes.
I agree it doesn't, and though it's a moot point, I would
rather have seen <base href=...> adapted.
As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.
The developer would not lose a day if they have familiarized themselves
with the changes to Service Pack 2 made to Internet Explorer.
Touche. But actually, I did take pains (and it was painful) to
familiarize myself with it - I tried to find the docs, and then to
understand them. And perhaps I am not very good at understanding
things (such as how this Mark of Microsoft works) but (at the
time, anyway), the documentation was scant and confusing on
the nitty gritty details that I was after, plus wrong on
certain points.
However, the security mechanism is not intended to protect just the Web
developer, it is intended to protect all users of Internet Explorer. It
Fair enough. And as the developer, I can expect to have to take
extra time to configure my system to be optimal for me.
is simple enough (using provided Microsoft documentation) to write and
test scripts from the local hard disk in Internet Explorer without being
Sorry if I'm missing something here. Microsoft DID spell out what
I could do (to insert a Mark of the Web for each web page I want do
diddle with locally), but that is massively burdensome for someone
who is going to be doing it frequently.
prompted. And I would argue that you should not be testing your Web
pages loaded from a local hard disk anyway, you should be running your
own Web server to most closely mimic the environment in which your pages
will be loading.
Yes, when I am making real pages I agree. But often, I have to
investigate how page fragments are working (in conjunction with javascript).
Although most of the time I run these through a specialized server setup
I have, in some cases I just want to click on the .htm
Regards,
Csaba This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: David Sworder |
last post by:
This message was already cross-posted to C# and ADO.NET, but I forgot to
post to this "general" group... sorry about that. It just occured to me
after my first post that the "general" group readers might have some
thoughts on this perplexing .NET blocking issue.
(see below)
=====
Hi,
|
by: Mario |
last post by:
Hello,
I couldn't find a solution to the following problem (tried
google and dejanews), maybe I'm using the wrong keywords?
Is there a way to open a file (a linux fifo pipe actually) in
nonblocking mode in c++? I did something ugly like
--- c/c++ mixture ---
mkfifo( "testpipe", 777);
|
by: David McCulloch |
last post by:
QUESTION-1:
How can I detect if Norton Internet Security is blocking pop-ups?
QUESTION-2a:
How could I know if a particular JavaScript function has been declared?
QUESTION-2b:
How could I know if Window.Open has been redefined?
BACKGROUND:
|
by: Anthony Boudouvas |
last post by:
Hi to all,
i have a form with 2 System.Windows.Forms.Timer objects.
One fire every 5 seconds and the other every 10 seconds,
the both take actions in two hashtables declared in same form.
When timers fire, main form is somewhat blocking until timers finish
their job, (socket operations). (Imagine to move the form by it's caption
bar and it somewhat freeze when timers fire...)
|
by: Rene |
last post by:
Hi,
In my VB6 application I'm using a class/object that is using full-async ADO.
I can start multiple queries, the class stores the ADODB.Recordset object in
an array and waits for the QueryComplete event. This will set the result and
flag 'the query is finished' in the array.
In my WaitForResult() method I wait till the flag 'query is finished' is set
and return to the caller. While waiting I'm calling DoEvents and delay
| | |
by: Michi Henning |
last post by:
Hi,
I'm using a non-blocking connect to connect to a server.
Works fine -- the server gets and accepts the connection.
However, once the connection is established, I cannot
retrieve either the local or the remote endpoint from
the client-side socket.
The *really* strange thing is that Socket.LocalEndPoint is null.
According to the doc, that's impossible: reading the LocalEndPoint
|
by: Mauricio |
last post by:
Hello,
Currently we have an ASP.NET 2003 app running, on one function the app
calls to a stored procedure to SQLServerONE, that stored procedure
creates some TEMP tables with the results of a stored procedure that
is remotely called con SQLServerTWO that generates TEMP tables that
are used to return results.
When we begin stress-testing the app issuing the same function from
many clients at the same time and check the open connections...
|
by: Simon Knox |
last post by:
Hi
I have a web app that has a legitimate use for pop up windows. My web app is
an insurance quoting app. I use the window.open method to display another
aspx page so that the user can check some information without losing where
they are up to in the application process.
|
by: loosecannon_1 |
last post by:
I get a 90-120 second blocking when send 15 or so simultaneous queries
to SQL Server 2000 that query a view made up of two joined tables.
After each query is blocking for the same amount of time they all
return. Further identical queries of this type work in 3-4 seconds
(caching?) until hours later where it happens again. If I query the
tables directly (without the view) I still get the same blocking. If I
remove the join (it is a simple...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
