Warning when scripting an ActiveX control.

D

Dave

I have this sample HTML code:

<html>

<head>
<script type="text/javascript">
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
</script>
</head>

<body>
</body>

</html>

As you can see it really does nothing but instantiate an ActiveX
control.

Loading the page off my desktop into IE6 results in this warning:

"An ActiveX control on this page might be unsafe
to interact with other parts of the page. Do you
want to allow this interaction?"

I'd like to turn this warning off since

* It's not a random ActiveX control it's a standard MS component
* It's not being installed from the internet. It's being loaded and run
from the local machine.

but from my reading I may not be able to do that. Does anyone know how
I can let IE6 know that it's safe to instantiate this object?

Thanks
 
W

Wintersrush

Hi
I am having the same issue. I have enabeled EVERYTHING on my computer,
active x, java this that and the other, and I still get that damn
warning and it won't load. *sigh* I would be equally grateful if
someone can tell me how to rub my computer belly just right to make it
work.

I've even went as far as to put everything on the lowest security
settings possible and shut off ALL the AntiSpyware crap from Microsoft
(just in case , since its Beta 1) but to no avail it still gave me that
little annoying error.

So I just put everything back up to full security since then.

*grumbles bastards*
 
D

Dave

In my case, if I click "Yes" on the warning the ActiveX control does in
fact load and it behaves correctly but I'm just trying to avoid being
asked each time.
 
W

web.dev

Dave,

Have you tried going to (on IE) Tools > Internet Options > Security >
Custom Levels and then setting everything under Active X Controls &
plug-ins to be "Enabled" ?
 
B

Bonnett

Dave said:
Loading the page off my desktop into IE6 results in this warning:

"An ActiveX control on this page might be unsafe
to interact with other parts of the page. Do you
want to allow this interaction?"

I'd like to turn this warning off since

* It's not a random ActiveX control it's a standard MS component
* It's not being installed from the internet. It's being loaded and run
from the local machine.

but from my reading I may not be able to do that. Does anyone know how
I can let IE6 know that it's safe to instantiate this object?

Thanks

I think you need the "Mark of the web" on your page -
http://www.phdcc.com/xpsp2.htm#markoftheweb - assuming you are using
IE6 SP2 that is.
 
D

Dave

Yes, I've set everything that I could to enable on both the "internet"
and "local intranet" zones.

Did you try the code in the original post? Did you see the same
problem?
 
D

Dave

I believe I've set everything with an "enable" option to enable in the
Internet, Local intranet and Trusted sites zones. This is in the
security tab of IE's Internet Options dialog...

Were you able to bring up the code from the original post without an
error?
 
M

michael elias

If your site is intended for intranet use, use a hta file. They are a
more trusted version of IE and won't show you that pesky warning.
Pretty dumb from MS to even show that warning if it's one of their own
ActiveX' . Even the use of filters and transitions will show the
warning. tssss
 
D

Dave

It's not necessarily intended only for intranet use but I felt that was
the easiest case to handle first.

I'm not familiar with hta files but I'll do some google research. If
you have a good site for me that will explain how hta files may help me,
please pass it along.

I agree it seems crazy, I'm not asking users to download some unknown
ActiveX control, I'm just trying to use something that's part of
windows.

Thanks for the ideas...
 
D

Dave

I think you need the "Mark of the web" on your page -
http://www.phdcc.com/xpsp2.htm#markoftheweb - assuming you are using
IE6 SP2 that is.

I updated to SP2 and there was no change to the behavior so I looked
more closely at the web site you sent me and I don't think it will help
me.

First of all I tried it, and on the simple example I posted, it worked.
However, it seems that the mark of the web prevents "get" messages from
being sent by javascript on the page. I need to do that because the
page will be using AJAX to update itself.

Also, although I'm developing the html on my local machine, the html
will ultimately be delivered by an app server like any other web page.

To me the critical point is that the ActiveX control I want to access
will be on the user's local machine and will not have to be downloaded.

I would think that there would be some way of indicating that local
objects can be run, or that web pages from our site are safe or
something.

Unfortunately they seem to want to make this warning almost unstoppable
 
D

Dave

This seems even stranger. Consider this new version of the code from my
original post:

<html>

<head>
<script type="text/javascript">
alert("one");
var req1 = new ActiveXObject("Microsoft.XMLHTTP");
alert("two");
var Req2 = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
alert("three");
</script>
</head>

<body>
</body>

</html>

If I run this under IE6 (now SP2) I get alerts "one" and "two" and THEN
a warning about active content.

Why is IE happy with creating the first ActiveX object and not the
second?

(below is my first post on the subject for context)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top