Warning when scripting an ActiveX control.

[Dave]

I have this sample HTML code:

<html>

<head>
<script type="text/javascript">
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
</script>
</head>

<body>
</body>

</html>

As you can see it really does nothing but instantiate an ActiveX
control.

Loading the page off my desktop into IE6 results in this warning:

"An ActiveX control on this page might be unsafe
to interact with other parts of the page. Do you
want to allow this interaction?"

I'd like to turn this warning off since

* It's not a random ActiveX control it's a standard MS component
* It's not being installed from the internet. It's being loaded and run
from the local machine.

but from my reading I may not be able to do that. Does anyone know how
I can let IE6 know that it's safe to instantiate this object?

Thanks

 

[Wintersrush]

Hi
I am having the same issue. I have enabeled EVERYTHING on my computer,
active x, java this that and the other, and I still get that damn
warning and it won't load. *sigh* I would be equally grateful if
someone can tell me how to rub my computer belly just right to make it
work.

I've even went as far as to put everything on the lowest security
settings possible and shut off ALL the AntiSpyware crap from Microsoft
(just in case , since its Beta 1) but to no avail it still gave me that
little annoying error.

So I just put everything back up to full security since then.

*grumbles bastards*

 

[Dave]

In my case, if I click "Yes" on the warning the ActiveX control does in
fact load and it behaves correctly but I'm just trying to avoid being
asked each time.

 

[web.dev]

Dave,

Have you tried going to (on IE) Tools > Internet Options > Security >
Custom Levels and then setting everything under Active X Controls &
plug-ins to be "Enabled" ?

 

[Bonnett]

Loading the page off my desktop into IE6 results in this warning:

"An ActiveX control on this page might be unsafe
to interact with other parts of the page. Do you
want to allow this interaction?"

I'd like to turn this warning off since

* It's not a random ActiveX control it's a standard MS component
* It's not being installed from the internet. It's being loaded and run
from the local machine.

but from my reading I may not be able to do that. Does anyone know how
I can let IE6 know that it's safe to instantiate this object?

Thanks

I think you need the "Mark of the web" on your page -
http://www.phdcc.com/xpsp2.htm#markoftheweb - assuming you are using
IE6 SP2 that is.

 

[Dave]

Yes, I've set everything that I could to enable on both the "internet"
and "local intranet" zones.

Did you try the code in the original post? Did you see the same
problem?

 

[Dave]

I believe I've set everything with an "enable" option to enable in the
Internet, Local intranet and Trusted sites zones. This is in the
security tab of IE's Internet Options dialog...

Were you able to bring up the code from the original post without an
error?

 

[Dave]

I think you need the "Mark of the web" on your page -
http://www.phdcc.com/xpsp2.htm#markoftheweb - assuming you are using
IE6 SP2 that is.

Actually, I'm surprised to see that I'm NOT at SP2 on this computer.

I'm going try that first.

 

[michael elias]

If your site is intended for intranet use, use a hta file. They are a
more trusted version of IE and won't show you that pesky warning.
Pretty dumb from MS to even show that warning if it's one of their own
ActiveX' . Even the use of filters and transitions will show the
warning. tssss

 

[Dave]

It's not necessarily intended only for intranet use but I felt that was
the easiest case to handle first.

I'm not familiar with hta files but I'll do some google research. If
you have a good site for me that will explain how hta files may help me,
please pass it along.

I agree it seems crazy, I'm not asking users to download some unknown
ActiveX control, I'm just trying to use something that's part of
windows.

Thanks for the ideas...

 

[Dave]

I think you need the "Mark of the web" on your page -
http://www.phdcc.com/xpsp2.htm#markoftheweb - assuming you are using
IE6 SP2 that is.

I updated to SP2 and there was no change to the behavior so I looked
more closely at the web site you sent me and I don't think it will help
me.

First of all I tried it, and on the simple example I posted, it worked.
However, it seems that the mark of the web prevents "get" messages from
being sent by javascript on the page. I need to do that because the
page will be using AJAX to update itself.

Also, although I'm developing the html on my local machine, the html
will ultimately be delivered by an app server like any other web page.

To me the critical point is that the ActiveX control I want to access
will be on the user's local machine and will not have to be downloaded.

I would think that there would be some way of indicating that local
objects can be run, or that web pages from our site are safe or
something.

Unfortunately they seem to want to make this warning almost unstoppable

 

[Dave]

This seems even stranger. Consider this new version of the code from my
original post:

<html>

<head>
<script type="text/javascript">
alert("one");
var req1 = new ActiveXObject("Microsoft.XMLHTTP");
alert("two");
var Req2 = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
alert("three");
</script>
</head>

<body>
</body>

</html>

If I run this under IE6 (now SP2) I get alerts "one" and "two" and THEN
a warning about active content.

Why is IE happy with creating the first ActiveX object and not the
second?

(below is my first post on the subject for context)