473,322 Members | 1,755 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

SP2 blocking the same code on one page but not another

Hi,

I have been tryin to run free dhtml code from a web page. The web page
is:

http://dynamicdrive.com/dynamicindex14/pixelate.htm

When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.

I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?

Bizt

Jul 23 '05 #1
6 1492
<bi******@yahoo.co.uk> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...
Hi,

I have been tryin to run free dhtml code from a web page. The web page
is:

http://dynamicdrive.com/dynamicindex14/pixelate.htm

When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.

I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?


Because thatone is loaded from the web.

Pages loaded from local disk will have JS blocked. To remedy this, Google
for "Mark of the web".

--
Dag.
Jul 23 '05 #2
Some details on IE Disinformation Bar woes are described here:
http://groups-beta.google.com/group/...1bd2b25f2a2948

Csaba Gabor from Vienna

bi******@yahoo.co.uk wrote:
Hi,

I have been tryin to run free dhtml code from a web page. The web page
is:

http://dynamicdrive.com/dynamicindex14/pixelate.htm

When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on my
desktop, created from code from the above url, SP2 bar kicks in at the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access your
computer'.

I know that this can be configured to not display but I want to use it
for a web page and not have it appear. Why does it not appear on the
above url?

Bizt

Jul 23 '05 #3
The specific "problem" he is having can be "fixed" using a Mark of the
Web to place the local document in the Internet zone:

<url: http://msdn.microsoft.com/workshop/a...rview/motw.asp
/>

<-- saved from url=(0014)about:internet -->

No code that can access the local file system can run when a Mark of the
Web is used, but if there were code that could access the local file
system and it is allowed to run, then the information bar is entirely
correct, there would be script that could be potentially harmful and so
it should require explicit user action to execute.

....Grant

"Csaba Gabor" <cs***@z6.com> wrote in message
news:HK*******************@news.chello.at...
Some details on IE Disinformation Bar woes are described here:
http://groups-beta.google.com/group/...1bd2b25f2a2948

Csaba Gabor from Vienna

bi******@yahoo.co.uk wrote:
Hi,

I have been tryin to run free dhtml code from a web page. The web
page
is:

http://dynamicdrive.com/dynamicindex14/pixelate.htm

When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on
my
desktop, created from code from the above url, SP2 bar kicks in at
the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access
your
computer'.

I know that this can be configured to not display but I want to use
it
for a web page and not have it appear. Why does it not appear on the
above url?

Bizt

Jul 23 '05 #4
In this case the OP does not seem to be appealing to this
group as a developer so that should be the end of it.
However, as I discussed in my posts, referenced below, this
"security mechanism" really isn't. Any author who wants to
have that mechanism bypassed is simply going to add that
into hir original web page, you don't even need to get the
size right - Zero security has been gained, and I argue
that some has been lost.

If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievably burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>

As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.

Csaba Gabor from Vienna
Grant Wagner wrote:
The specific "problem" he is having can be "fixed" using a Mark of the
Web to place the local document in the Internet zone:

<url: http://msdn.microsoft.com/workshop/a...rview/motw.asp
/>

<-- saved from url=(0014)about:internet -->

No code that can access the local file system can run when a Mark of the
Web is used, but if there were code that could access the local file
system and it is allowed to run, then the information bar is entirely
correct, there would be script that could be potentially harmful and so
it should require explicit user action to execute.

...Grant

"Csaba Gabor" <cs***@z6.com> wrote in message
news:HK*******************@news.chello.at...
Some details on IE Disinformation Bar woes are described here:
http://groups-beta.google.com/group/...1bd2b25f2a2948

Csaba Gabor from Vienna

bi******@yahoo.co.uk wrote:
Hi,

I have been tryin to run free dhtml code from a web page. The web
page
is:

http://dynamicdrive.com/dynamicindex14/pixelate.htm

When I load the page above it opens as normal and the slide show
automatically runs but when I open my own page that I have saved on
my
desktop, created from code from the above url, SP2 bar kicks in at
the
top of the page window and warns me 'To help protect your security,
Internet Explorer has restricted active content that could access
your
computer'.

Jul 23 '05 #5
"Csaba Gabor" <cs***@z6.com> wrote in message
news:TR***************@news.chello.at...
In this case the OP does not seem to be appealing to this
group as a developer so that should be the end of it.
However, as I discussed in my posts, referenced below, this
"security mechanism" really isn't. Any author who wants to
have that mechanism bypassed is simply going to add that
into hir original web page, you don't even need to get the
size right - Zero security has been gained, and I argue
that some has been lost.
You seem to misunderstand what Mark of the Web does, and what it means.

A script loaded from a local hard disk has unlimited security (it can
access the local file system for example). This is why any HTML document
that is loaded into the Web browser from the local disk requires the
user agree to not one, but two warnings that the script can take
malicious actions.

A script loaded from a local hard disk with the Mark of the Web has the
same permissions as an HTML document loaded from the Internet zone (as a
result, it can _not_ access the local file system for example). This is
why a page loaded from the local hard disk with the Mark of the Web does
not result in a prompt, the script can not do anything that a script
loaded from the Internet can not do (barring any unpredicted security
vulnerabilities).
If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievably burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>
<base href=...> does not do the same thing.

As outlined above, the Mark of the Web actually changes the security
zone in which the script executes.
As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.


The developer would not lose a day if they have familiarized themselves
with the changes to Service Pack 2 made to Internet Explorer.

However, the security mechanism is not intended to protect just the Web
developer, it is intended to protect all users of Internet Explorer. It
is simple enough (using provided Microsoft documentation) to write and
test scripts from the local hard disk in Internet Explorer without being
prompted. And I would argue that you should not be testing your Web
pages loaded from a local hard disk anyway, you should be running your
own Web server to most closely mimic the environment in which your pages
will be loading.

--
Grant Wagner <gw*****@agricoreunited.com>
comp.lang.javascript FAQ - http://jibbering.com/faq
Jul 23 '05 #6
Grant Wagner wrote:
"Csaba Gabor" <cs***@z6.com> wrote in message
news:TR***************@news.chello.at...
First of all, I just want to be clear that my vent was not in the
slightest way directed towards you. I just happened to recollect
the frustrations I experienced upon installing service pack 2.
You seem to misunderstand what Mark of the Web does, and what it means.
Evidently. And glad you took the time to write. I always like to
get my misunderstandings cleared up.
A script loaded from a local hard disk has unlimited security (it can
access the local file system for example). This is why any HTML document
that is loaded into the Web browser from the local disk requires the
user agree to not one, but two warnings that the script can take
malicious actions. A script loaded from a local hard disk with the Mark of the Web has the
same permissions as an HTML document loaded from the Internet zone (as a
result, it can _not_ access the local file system for example). This is
why a page loaded from the local hard disk with the Mark of the Web does
not result in a prompt, the script can not do anything that a script
loaded from the Internet can not do (barring any unpredicted security
vulnerabilities).
I thought that .hta files were the ones that had unlimited access
and that is why they had a different suffix so that there should
be no mixup between pages that had limited vs. unlimited access.
If .htm pages have apriori (that is until SP2) unlimited access
then what is the effective distinction between .hta and .htm
(pre service pack 2)?
If you are only concerned about a handful of pages, I suppose
it's OK to expect a completely HTML illiterate person to figure
out that they should add that construct to their web page.
Oops. I mean scaring and confusing hir by that 'content bar'
(I call it a content bar because it bars content) that comes
up and having them click a few extra times. But it is
unbelievably burdensome to the web developer, not to
mention imposing another cavalier unstandard when there is
already a mechanism for the same thing, <base href=...>


<base href=...> does not do the same thing.

As outlined above, the Mark of the Web actually changes the security
zone in which the script executes.

I agree it doesn't, and though it's a moot point, I would
rather have seen <base href=...> adapted.
As a result, a developer might lose a day to figure out how to,
and then turn off mechanisms that are supposedly protecting hir,
but are in reality hindering hir efficiency. The point is that
if a protection mechanism is made to hinder a user's efficiency,
that mechanism can expect to be turned off resulting in a more
exposed condition. This is something the designers of such
programs should consider.

The developer would not lose a day if they have familiarized themselves
with the changes to Service Pack 2 made to Internet Explorer.


Touche. But actually, I did take pains (and it was painful) to
familiarize myself with it - I tried to find the docs, and then to
understand them. And perhaps I am not very good at understanding
things (such as how this Mark of Microsoft works) but (at the
time, anyway), the documentation was scant and confusing on
the nitty gritty details that I was after, plus wrong on
certain points.
However, the security mechanism is not intended to protect just the Web
developer, it is intended to protect all users of Internet Explorer. It
Fair enough. And as the developer, I can expect to have to take
extra time to configure my system to be optimal for me.
is simple enough (using provided Microsoft documentation) to write and
test scripts from the local hard disk in Internet Explorer without being
Sorry if I'm missing something here. Microsoft DID spell out what
I could do (to insert a Mark of the Web for each web page I want do
diddle with locally), but that is massively burdensome for someone
who is going to be doing it frequently.
prompted. And I would argue that you should not be testing your Web
pages loaded from a local hard disk anyway, you should be running your
own Web server to most closely mimic the environment in which your pages
will be loading.


Yes, when I am making real pages I agree. But often, I have to
investigate how page fragments are working (in conjunction with javascript).
Although most of the time I run these through a specialized server setup
I have, in some cases I just want to click on the .htm

Regards,
Csaba
Jul 23 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: David Sworder | last post by:
This message was already cross-posted to C# and ADO.NET, but I forgot to post to this "general" group... sorry about that. It just occured to me after my first post that the "general" group readers...
3
by: Mario | last post by:
Hello, I couldn't find a solution to the following problem (tried google and dejanews), maybe I'm using the wrong keywords? Is there a way to open a file (a linux fifo pipe actually) in...
23
by: David McCulloch | last post by:
QUESTION-1: How can I detect if Norton Internet Security is blocking pop-ups? QUESTION-2a: How could I know if a particular JavaScript function has been declared? QUESTION-2b: How could I...
4
by: Anthony Boudouvas | last post by:
Hi to all, i have a form with 2 System.Windows.Forms.Timer objects. One fire every 5 seconds and the other every 10 seconds, the both take actions in two hashtables declared in same form. ...
2
by: Rene | last post by:
Hi, In my VB6 application I'm using a class/object that is using full-async ADO. I can start multiple queries, the class stores the ADODB.Recordset object in an array and waits for the...
7
by: Michi Henning | last post by:
Hi, I'm using a non-blocking connect to connect to a server. Works fine -- the server gets and accepts the connection. However, once the connection is established, I cannot retrieve either the...
8
by: Mauricio | last post by:
Hello, Currently we have an ASP.NET 2003 app running, on one function the app calls to a stored procedure to SQLServerONE, that stored procedure creates some TEMP tables with the results of a...
5
by: Simon Knox | last post by:
Hi I have a web app that has a legitimate use for pop up windows. My web app is an insurance quoting app. I use the window.open method to display another aspx page so that the user can check...
3
by: loosecannon_1 | last post by:
I get a 90-120 second blocking when send 15 or so simultaneous queries to SQL Server 2000 that query a view made up of two joined tables. After each query is blocking for the same amount of time...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.