When is IE8 blocking Javascript and how to avoid it?
I have a website using jQuery, jQuery Tools and some handcrafted JS doing graphical enhancements. Even though IE runs on FF, Safari, and Chrome, IE blocks the script from executing:
There is nothing more dangerous in this code than, say, Netvibes .
Why even talk about activeX? I am using JS.
And how can I prevent this? I don't want my user to click the "I allow this site" button to work. It would be like inserting a big red absolute reading DIV "Fast and fast won't be back".
source to share
As Ken Browning said in a comment to your question, this warning happens with javascript when in high security zone where local pages are.
If someone has the Internet as a high security zone, a warning will appear.
You can add localhost to the trusted sites zone .
source to share
js can't access the filesystem, so what does that mean?
In fact JS can traditionally do some bad things launched from my computer zone, like installing ActiveX objects. Many past IE exploits have used this to exploit filesystem access to access arbitrary code.
So, faced with this problem, Microsoft decided to solve this problem, rather than just deleting the My Computer zone - oh no, that would be too easy, but adding an extra layer of complexity. This gave Internet Explorer the ability to block content from the file system by default, allowing other applications that used the built-in WebBrowser controls to continue as before, assuming that perhaps some applications relied on loose settings in their internal HTML. code interfaces.
(They weren't really in the consumer space, but then we never know what shades of disgust might exist in the world of bespoke apps.)
After the embarrassment of IE being hacked all the time, MS is overcompensated, making the blocking settings for filesystem pages significantly stricter than regular web pages from Intenet. Thus, you cannot run JavaScript from files on the filesystem, for good reason.
At this point, the web authors yelped, so MS responded by not removing the excessive blocking - oh no, that would be too easy, but adding an extra layer of complexity. So now you can exit the "My Computer" zone by simply placing it at the top of the file:
<!-- saved from url=(0014)about:internet -->
This enigmatic spell is known as Mark of the Web . The new line at the end should be Windows CRLF, which flips you nicely if you're using plain LF line-endings. Including this line puts you in the regular internet zone where JScript runs, but you don't get any other special privileges.
It's funny that since then the usual security settings in My Computer Zone have been tightened, so that it is almost the same as in the default Internet Zone. So the net result is the same as if they just got rid of the bloody "My Computer Zone" in the first place, only with a lot of additional complications for the user and annoyance for the web author.
Thank you so much Microsoft.
source to share