My friend Walt was trying to write a little HTML page with JavaScript to automate a task at work for himself and some colleagues.
He developed it on his own computer; saved it and ran it in Internet Explorer (the only browser allowed to be on their computers at work.) On his computer, the page appeared in "My Computer" (counted in the "Internet" zone if you double-click to bring up the security settings.) Internet Explorer prompted him to allow the ActiveX content.
He then put the file on a network share and allowed his colleagues to download it to their own local machines.
When they downloaded and opened the file in Internet Explorer on their local computers, it appeared as "Restricted Sites" zone. This confused both of us, so I asked him to send me the file.
He transferred it to me via Windows Live Messenger and I saved it to my desktop. I got the same result when I opened it in Internet Explorer.
For an experiment, I edited the file... copied all of its contents into a new file I created from scratch on my machine. When I loaded the new file in Internet Explorer, it appeared as "My Computer" in the "Internet" zone as it had when Walt originally created it.
Thus we can deduce that IE must look at the file's properties and determine if a file was created on the machine asking to run it and if not, locks it down as a "Restricted Sites" file. It treats the ones created on the machine in question as "Internet."
While annoying, this is a nice security feature... and now you know how to get around it...
1. Make sure you analyze the code before you copy to a new file - if you don't and you introduce malicious code on your own machine... shame on you and Microsoft did all they could to protect you. Shame on you... :)
2. Copy the code into a new file that you save to your own machine.
3. Open in Internet Explorer
Of course, I don't know that Firefox has the same restriction, because it doesn't allow direct calls via JavaScript to ActiveX objects so it may run just fine without the extra steps... If so, and you have Firefox on your computer; well, you know what to do.
No comments:
Post a Comment