J
Josh Mayfield
Note: There is considerable background detail here, but I do have
three questions, which are clearly marked and appear right before the
sample code.
I have a legitimate need to launch an EXE from an HTML page on Windows
XP/Internet Explorer. The EXE is already locally installed, and the
HTML page is also viewed locally on the PC- it's not a web site. I
know of two ways to do this, both of which are featured in the sample
HTML file at the bottom of my post.
The first method, using the Shell.Application ActiveX Object, used to
work until I installed the latest critical Windows XP patches from
Microsoft. Before these patches were installed, you could click the
‘Launch Notepad.exe' button in my sample HTML file and the program
would start right up. (Note that my Internet security settings are
always at Medium, my Local intranet security settings are at
Medium-low, and I've never had to mess with the individual ActiveX
security settings to get this code to work.)
However, one of the following critical updates has broken the ‘Launch
Notepad' code. It doesn't matter what my Internet/intranet security
settings are, or whether I've enabled unsafe ActiveX scripting. My
list of suspects is: KB842773, KB840315, KB841873, KB839645. (I have
four computers running Windows XP SP-1 at my desk, and each has the
same version of Internet Explorer installed-
6.0.2800.1106.xpsp2.030422-1633. The Launch Notepad code stopped
working on two of them this week, and still worked on the other two.
As a test, I ran Windows Update on one of the working systems and
found that after the patches were applied, my code no longer worked. I
even restored that machine's pre-patched ghost image and confirmed
that the code worked again. Next, I ran Windows Update a second time,
and allowed the aforementioned patches to be installed. Again, it
broke my code.)
You can confirm whether you have these patches installed on your
machine a number of ways, but perhaps the easiest is to open your
Windows folder and look for ‘$NtUninstallKBxxxxxx' folders with names
matching the patches I listed.
And then there's the second method, used by the ‘Launch Regedit.exe'
button. While this will actually still launch the EXE file, it's
undesirable because it always prompts you with a dialog that starts
out "An ActiveX control on this page might be unsafe…" Note that this
even happened before the patches, again regardless of the
Internet/Local intranet security settings.
* QUESTION 1: Is there any way to get ShellExecute to work again once
the new critical updates are installed?
* QUESTION 2: Failing that, how can I get around the unsafe control
warning with the Wscript.Shell method, for a local HTML file that's
trying to launch a local EXE?
* QUESTION 3: Is there any OTHER way for an honest guy like me to
launch a local EXE from a local HTML file?
Thanks, and here's the sample HTML file:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<script type="text/javascript" language="JavaScript">
function LaunchNotepad()
{
var launcher = new ActiveXObject("Shell.Application");
launcher.ShellExecute("Notepad.exe", "", "", "open", "1");
}
function LaunchRegedit()
{
var launcher = new ActiveXObject("WScript.Shell");
launcher.Run("Regedit.exe");
}
</script>
</head>
<body>
<form name="Form1">
<input name="ButtonNotepad" value="Launch Notepad.exe"
onclick="LaunchNotepad()" type="button"> <br>
<br>
<input name="ButtonRegedit" value="Launch Regedit.exe"
onclick="LaunchRegedit()" type="button">
</form>
</body>
</html>
three questions, which are clearly marked and appear right before the
sample code.
I have a legitimate need to launch an EXE from an HTML page on Windows
XP/Internet Explorer. The EXE is already locally installed, and the
HTML page is also viewed locally on the PC- it's not a web site. I
know of two ways to do this, both of which are featured in the sample
HTML file at the bottom of my post.
The first method, using the Shell.Application ActiveX Object, used to
work until I installed the latest critical Windows XP patches from
Microsoft. Before these patches were installed, you could click the
‘Launch Notepad.exe' button in my sample HTML file and the program
would start right up. (Note that my Internet security settings are
always at Medium, my Local intranet security settings are at
Medium-low, and I've never had to mess with the individual ActiveX
security settings to get this code to work.)
However, one of the following critical updates has broken the ‘Launch
Notepad' code. It doesn't matter what my Internet/intranet security
settings are, or whether I've enabled unsafe ActiveX scripting. My
list of suspects is: KB842773, KB840315, KB841873, KB839645. (I have
four computers running Windows XP SP-1 at my desk, and each has the
same version of Internet Explorer installed-
6.0.2800.1106.xpsp2.030422-1633. The Launch Notepad code stopped
working on two of them this week, and still worked on the other two.
As a test, I ran Windows Update on one of the working systems and
found that after the patches were applied, my code no longer worked. I
even restored that machine's pre-patched ghost image and confirmed
that the code worked again. Next, I ran Windows Update a second time,
and allowed the aforementioned patches to be installed. Again, it
broke my code.)
You can confirm whether you have these patches installed on your
machine a number of ways, but perhaps the easiest is to open your
Windows folder and look for ‘$NtUninstallKBxxxxxx' folders with names
matching the patches I listed.
And then there's the second method, used by the ‘Launch Regedit.exe'
button. While this will actually still launch the EXE file, it's
undesirable because it always prompts you with a dialog that starts
out "An ActiveX control on this page might be unsafe…" Note that this
even happened before the patches, again regardless of the
Internet/Local intranet security settings.
* QUESTION 1: Is there any way to get ShellExecute to work again once
the new critical updates are installed?
* QUESTION 2: Failing that, how can I get around the unsafe control
warning with the Wscript.Shell method, for a local HTML file that's
trying to launch a local EXE?
* QUESTION 3: Is there any OTHER way for an honest guy like me to
launch a local EXE from a local HTML file?
Thanks, and here's the sample HTML file:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<script type="text/javascript" language="JavaScript">
function LaunchNotepad()
{
var launcher = new ActiveXObject("Shell.Application");
launcher.ShellExecute("Notepad.exe", "", "", "open", "1");
}
function LaunchRegedit()
{
var launcher = new ActiveXObject("WScript.Shell");
launcher.Run("Regedit.exe");
}
</script>
</head>
<body>
<form name="Form1">
<input name="ButtonNotepad" value="Launch Notepad.exe"
onclick="LaunchNotepad()" type="button"> <br>
<br>
<input name="ButtonRegedit" value="Launch Regedit.exe"
onclick="LaunchRegedit()" type="button">
</form>
</body>
</html>