|
Xpounded: Local Script AND SP2
Make IE6 (XP SP2) and local content play nice.
If you have IE6 and XP SP2, you have most likely run into the 'Information Bar' and its message-box popup warning you that
the page you are viewing may cause damage to your system. This is security overkill for local pages you knowingly
download or create yourself.
There is a simple way to solve the 'Information Bar' headache.
You can turn your content into Hyper Text Applications. The simplest way to do this is to change the htm, or html extension to hta. This is a simple solution, and I like HTAs, but another solution would be nice.
So...
Another solution is to subcumb to Microsofts methodology and use the 'Mark of the Web'.
(you may not like the solution, but it works with seemingly more and more people adopting it, and its also what this page is about.)
Instructions:
I suggest you select a name you like (like yourname, or your comapny name) and enter that name as a trusted site:
In IE the menu order to click is Tools -> Internet options...,and select the security tab. Click the Trusted Sites icon,
and add your newly made up site name that will be the namespace for all of your local content. Enter a https site for that extra warm and fuzzy feeling of security that Microsoft wants us to have.
A short example:
- Since I can choose any name for the trust zone, I will choose local.javascript (any name will do).
- I open IE and click the menu items Tools -> Internet Options...
- I select the Security tab, and click Trusted Sites.
- I click the Sites... button.
- I type in https://www.local.javascript.com into the 'Add this website to the zone' textbox.
I want to restate that this is not a real website, but just a name.
- I click Ok, and Ok again to save the new change.
- Now any time I want to run any content locally without seeing the 'Information Bar' popup,
all I need to do is
add the comment
<!-- saved from url=(0032)https://www.local.javascript.com -->
as the first line in the page.
NOTE: The (0032) in '<!-- saved from url=(0032)https://www.local.javascript.com -->' is the length of the string https://www.local.javascript.com. The number (32 in this case could have been smaller than the length of the string, but IE uses only the given number of characters to map the string to the entries in the trust zone. If the length in (####) is greater than the URL's length, IE will ignore the comment and load the page in the Local Machine zone (read Information Bar.)
This solution will not let others run my content without the popup, but it will allow me to run my own content.
Also, keep in mind that letting others have your name will allow them the possibility to create pages that run as trusted on your machine, by adding your 'Mark' to the top of their page.
Also, if your audiance agrees to make the same name (site) trusted, script can be run on those machines
without the script blocking 'Information Bar' rearing its ugly head.
I hope you find this information useful, and that you will have fewer headaches running script on your machine.
No HTML to View
|
|
