Internet Explorer Blocks JavaScript

[Doug van Vianen]

Hi,

I often like to include some JavaScript coding in my web pages to make them
more interesting. Unfortunately, even when this coding is as simple as a
check to see what the display width is in pixels so that pictures on the
page can be adjusted to better fit the display, Internet Explorer detects
the coding and blocks it. Of course the user can click on the message
displayed above the web page to allow "the active component" but many of the
people who receive my pages are seniors and/or are not computer
sophistocated enough to feel comfortable doing this. They think that the
JavaScript coding might be some virus or whatever.

I have been using JavaScript for several years and may be using outdated
coding. Could this be causing the problem? Is there some way to use
JavaScript within a web page without having the security problem pop up?

An example of the coding I use is in the page at

http://members.shaw.ca/burdick/checkup/checkup.htm

Thank you.

Doug

 

[Randy Webb]

Tony said the following on 6/8/2006 4:52 PM:

The problem isn't the Javascript - it's in your browser settings. It
works fine for me.

It's not even that difficult. It makes a huge difference when you test
it from a server as opposed to testing it locally.

 

[Randy Webb]

Tony said the following on 6/8/2006 9:06 PM:

How so? I just downloaded the page & ran it - seemed to work the same.
Perhaps I missed something, but how would running from a server make any
difference with how javascript works?

Security Zone that the document is in.

 

[TC]

Is there some way to use JavaScript within a web page
without having the security problem pop up?

Your page works fine when run from the web (under default IE security
settings).

When you run it *from disk*, IE runs it under the security settings for
the "Local Computer" zone. These days, those settings are usually
*more* severe, not *less* severe, than the settings for the Internet
zone. Hence the warnings you're referring to.

To test you page locally, ie. running it from your hard dsk, you need
to tell IE to run it under the Internet zone security settings, not the
Local Computer zone settings. To do that, just add the following line
to the top of the file, and leave it in there permanently:

<!-- saved from url=(0014)about:internet -->

This is called, the "mark of the web" or MOTW. Google those terms for
more information.

Some people mistakenly think that the MOTW is a security problem.
That's not true, it shows a misunderstanding of how the security
features work. It's not a security hole of any description.

If you reply to this post, please note that l will not be in a position
to read this thread again for several days.

HTH,
TC (MVP MSAccess)
http://tc2.atspace.com

 

[Doug van Vianen]

Hi Tony,

Thank you for your response.

Yes, I understand that it is the Internet Explorer. But it is not my
Internet Explorer that I am worried about. It is the Internet Explorer of
the people who view my web pages. Many are seniors or others that are not
too computer literate and even some that are somewhat afraid of
computers--especially of the viruses etc. that they hear about all the time.
These people often have their settings set to block anything except the very
innocuous material. Perhaps it is the people they purchase their computers
from who do not want to be bothered by having to remove viruses or other
malicious things.

But I was hoping that perhaps there were some things I could do in the
JavaScript coding to help matters. I guess not.

Thank you for your comments.

Doug.

 

[pegasusflightresources]

Tony said the following on 6/8/2006 9:06 PM:

Security Zone that the document is in.

Dear Sir,
And yet the Security Zone is used for blocking or allowing access to
Cookies, not JavaScript.
To the Original Poster:
Dear Sir,
You may be able to use VBScript instead, as most browsers do not
currently block VBScript, and VBScript is fairly similar to JavaScript
in it's functions. Otherwise, you can't pass the security blocking of
MSIE or other browsers unless the client specifies in their settings
that they want to allow JavaScript, or if they allow JavaScript on that
page through the security pop-up, but from your explanation of the
people who use your site, "seniors", probably would not know how to do
this, nor why they would do this.
By the way, that was pretty funny.

I have the honor to remain your most humble and Ob't Sv't in our war
against the King.

 

[Randy Webb]

(e-mail address removed) said the following on 6/10/2006 11:35 AM:

Dear Sir,
And yet the Security Zone is used for blocking or allowing access to
Cookies, not JavaScript.

I will give you two to one that you didn't bother testing that as what
you say is patently false. The Security Zone can be totally opposite
from the Local Zone and the Internet Zone and is used for scripting as
well as cookies or any other setting in IE.

To the Original Poster:
Dear Sir,
You may be able to use VBScript instead, as most browsers do not
currently block VBScript, and VBScript is fairly similar to JavaScript
in it's functions.

VBScript is IE only but that aside, if you block Javascript you block
VBScript as well. The setting is not to disable Javascript, it is to
disable Scripting.

Otherwise, you can't pass the security blocking of MSIE or other browsers
unless the client specifies in their settings that they want to allow
JavaScript, or if they allow JavaScript on that page through the security
pop-up, but from your explanation of the people who use your site, "seniors",
probably would not know how to do this, nor why they would do this.
By the way, that was pretty funny.

And everything you said applies to VBScript as well on a webpage, other
than that VBScript is IE only so it wont work in any other browser
anyway no matter *what* the security settings are.

 

[TaraC]

I have a similar problem. I tried putting the Mark of the Web code in
when testing locally. Yes, the annoying warning goes away but it seems
to disable links to pages outside the one with the code inserted.
Next, I tried editing the Internet Explorer (v6) settings to allow
scripting by setting 'enable' on anything to do with scripts in both
the local and internet zone. It still blocks any javascript as if I
hadn't even changed the settings. -and yes, I tried from the
Administrator account too. This problem came up when I had my
workstation changed from 2000 to XP. To test the javascript in the
pages, I have to click the 'allow blocked content' setting every time I
open the browser again.

I doubt that your scripts are the cause of the problem. I have pages
with very simple rollover effects made using Macromedia Dreamweaver 8
triggering it. Do you think Microsoft is hoping to wipe out javascript
in the guise of security? Can't IE tell the difference between a
commonly used javascript and something more harmful?

Hopefully, IE developers take notice of these issues.