DHTML Drag and Drop Broken

J

Joe Turek

I store images in a database instead of the filesystem. I deliver these
images via a page that uses Response.OutputStream to send the bytes back to
a calling page. So a given page on my site will embed an image like this:
<img id="imageone" src="http://localhost/image.aspx?id=20"></img>

I display a page with a gallery of these images for users to drag into a
content editor for the CMS portion of the site.

All of this has worked fine. However, it breaks when users install the
Internet Security update MS04-038. Users are no longer able to drag images
(although they can still copy and paste them). KB article
http://support.microsoft.com/default.aspx?scid=kb;en-us;887614 states that
some DHTML drag and drop operations are blocked after applying this security
update The workarounds say to ensure that you use valid images.

My questions: What are the criteria for determining if an image is valid? Is
there some way to modify the response stream so IE views my dynamically
delivered images as valid?

Thanks in advance,
Joe
 
K

Kevin Yu [MSFT]

Hi Joe,

We have reviewed this issue and are currently researching on it. We will
update you ASAP. Thanks for your patience!

Kevin Yu
=======
"This posting is provided "AS IS" with no warranties, and confers no
rights."
 
S

Steven Cheng[MSFT]

Hi Joe,

Welcome to ASP.NET newsgroup. As for the problem you mentioned, the kb
article describe the "valid image" as below:

=================
Valid images have an src attribute or a dynsrc attribute, or both,
specified. Also, the value of the src attribute is set to a valid image or
the value of the dynsrc attribute is set to a valid video file, or both.
=================

Based on my understanding, the "valid image or valid file" should means a
qualified image url which should be static url rather than dynamic document
url. For example:

http://servername/appname/images/image1.gif
should be a valid path

and

http://servername/appname/image.aspx?id=1

is not a valid path.

I'm not sure whether we can use a HttpHandler to workaround this, but I do
suggest you have a try use a HttpHandler to output the dynamic image
streams and make the URL more static like. For example: the httphandler can
accept "*.image" , and retreive the dynamic image according to the "*"
value.

In addition, I'll also do some further research to see whether there is any
more standard means to resolve the problem. I'll update you if I got any
new info. Thanks.


Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
S

Steven Cheng[MSFT]

Hi Joe,

Have you gone through the problem yet? From my further research, currently
we seems haven't any better means one this since it's the clientside
browser that limit the image stream's source URI.

Thanks & Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top