Steven Daedelus wrote:
[...] "Richard Cornford" [...] wrote: As I recall, the desktop background is held in a setting in the Windows
registry so a WSH script or an HTA could change those settings
(implemented in JScript). If the idea is to attempt it from a web page
over the Internet then security restriction will render the task
impossible.
[...]
I concur. The root object, when you run JS in a web page, is the window
object. Can't go any higher than that.
The root object of an (X)HTML document (that is what you call a "web page")
is the "html" element object which is part of the DOM. The global object
has a "window" property that refers to itself in all HTML UAs I know of.
It is correct that one cannot escape from the browser's DOM and "invade"
the user's system without an appropriate client-side API.
However, Richard was talking about HyperText Applications (HTAs) that use
the Windows Script Host (WSH) and ActiveX. Those run on the client, but
not necessarily within the browser (but *can* run from Internet sites in
IE!), and can access e.g. the Windows registry (take for example the Windows
Me/2k/XP Control Panel's Software module -- that is a HTA). (That is why
RadioActiveX is considered harmful and support for that is recommended to
be restricted, if not disabled, if not avoiding IE and Windows at all.)
PointedEars
