Re: IE Disinformation bar woes
From: Csaba Gabor (news_at_CsabaGabor.com)
Date: 02/15/05
- Next message: Pauly: "Re: Need you advise as to what I can do ??"
- Previous message: Pauly: "Re: Need you advise as to what I can do ??"
- In reply to: Csaba Gabor: "IE Disinformation bar woes"
- Next in thread: Ramesh, MS-MVP: "Re: IE Disinformation bar woes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 20:44:48 +0100
There seems to be some very skanky stuff going on with
this security "feature." Evidently the security settings used
are the ones in the MOST RECENT INSTANCE of IE
and NOT what has just been entered into the Internet
Options panels. I never even had a fighting chance since
I almost always have several IE windows open and I was
accessing Internet Options through Control Panel and not
even a browser. It was only by accident that I went back
to check my .htm file after opening up a fresh window
that I was able to start down the road to this conclusion.
While ie's behaviour is motivated (I presume) by an
attempt to have IE load faster, security wise the exhibited
behaviour is VERY POOR since the settings shown
correspond to what has been most recently set but these
are not the settings that the running instance may be using.
Furthermore, the unsuspecting user may make some tests
and convince himself that what is happening in front of his
eyes is what will happen the next time he turns his PC off
and turns it back on again. Really shoddy, Microsoft.
As to how I could make these assertions about the forking...
When IE forks a copy of itself, all the forked versions keep
the same temporary cookies. Anyone who has multiple
emails at yahoo is sure to realize this. If he forks a copy
of the browser and logs into yahoo on one, then to another
yahoo account on the second, he will have logged himself out
of the first. This does not happen if the two instances are
started independently (for excruciating details on this topic
see my post at
http://forums.devshed.com/showthread.php?threadid=35068)
One of the oldest browser windows on my system was
logged into yahoo. So to test out my theory, I did ctrl+n
with it active to get a most recent browser window whose
origin I knew. Then I minimized it and activated another
IE instance (just to be sure I didn't give any preference
to the yahoo one). Now I brought up the windows
explorer folder with my test file and double clicked on it.
It brought up a new IE, and it failed (that is, the information
bar came up). then I typed mail.yahoo.com into its address
bar and I was looking at my mail folder in yahoo. That is to
say, I was already logged into yahoo on this newest ie instance
since I had the temporary cookies from the original yahoo
browser which got transferred via the intermediate "most recent
ie instance". Of course, there were a few other similar
experiments to confirm that.
Finally, I would add that I looked at
http://support.microsoft.com/default.aspx?scid=kb;en-us;833633
Specifically, in the last section, above the references, they
introduce a little trick to "place" a local .htm file into the internet
zone: you should claim that it CAME from the internet. Do this
by inserting the following type of comment line:
<!-- saved from url=(0026)http://www.SomeDomain.com/ -->
where that number counts the number of characters in the URL.
I would guess that this is supposed to simulate a request from
that domain on the invoking browser, but it never worked as
advertised for me. The claim was that it wouldn't do the same
nasty script supression stuff that happens with files otherwise
from the hard drive, which is exactly why I tried using this
method. I could not get it to work. At first I gave it a fake name,
because I doubted that the browser would want to spend the
time verifying that the domain existed and even if it did, it
might be unavailable, blah, blah, blah. But even when I gave
it a bone fide domain, I couldn't get it to run the content
without it wanting to abuse my wrist muscles.
Csaba Gabor from Vienna
PS. Even though the behaviour above is abysmal, I do
like the popup blocking feature of the information bar.
That part has made casual browsing much more fun, and
I have not yet noticed any negative consequences for my
own browsing behaviour.
"Csaba Gabor" <news@CsabaGabor.com> wrote in message
news:eG5Ley3EFHA.2176@TK2MSFTNGP15.phx.gbl...
> I've got Win XP Pro (with all patches) and I've written
> a simple .htm file, shown below. My IE 6 insists on
> showing me the information bar ("To help protect your
> security, Internet Explorer has restricted this file from
> showing active content that could access your computer.
> Click here for options...") each time I double click on this
> file, and it is bugging the heck out of me since it takes
> THREE ADDITIONAL clicks to actually get a file
> showing properly (even one would be too many). For
> anyone doing development work this is a horrible
> situation.
>
> If I click on the "information bar" (should be called
> content bar, since it's barring content) help, about 1/3
> of the way down it tells me that I can "stop blocking
> file and software downloads with the Information Bar"
> by going to Control Panel -> Internet Options -> Security
> tab -> select My Computer (which I've enabled to be
> shown by reading http://support.microsoft.com/?kbid=315933
> and then changing HKEY_CURRENT_USER\SOFTWARE\
> Microsoft\Windows\Current Version\Internet Settings\Zones\0\
> Flags from (hex) 21 to 47)
> Then click Custom Level. and 'under ActiveX controls and plug-ins' ->
> 'Automatic prompting for ActiveX controls' I clicked enable.
> In addition, under the Advanced tab of Internet Options,
> near the bottom under the Security section I have checked:
> Allow active content to run in files on My Computer.
> None of this has worked for me.
>
> Can someone advise me where the appropriate setting is
> to get rid of this massive annoyance. I'm even happy
> adding the list of files (or maybe a directory) that I want
> so enabled, but the current situation is really awful.
>
> Thanks,
> Csaba Gabor from Vienna
>
> sample newin.htm file (remove onclick line, and
> the information-bar no longer blocks):
>
> <html><head><title>New Window Test</title></head>
> <body>
> <a id='foo' target=_blank href='newin.htm'
> onclick='document.links[0].href += "?bar=baz"
> >Hi Mom</body></html>
- Next message: Pauly: "Re: Need you advise as to what I can do ??"
- Previous message: Pauly: "Re: Need you advise as to what I can do ??"
- In reply to: Csaba Gabor: "IE Disinformation bar woes"
- Next in thread: Ramesh, MS-MVP: "Re: IE Disinformation bar woes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
