Relative Links Not working on HTML page - javascript

There is an issue I am facing in HTML page.
I have included JavaScript code in that page, due to which an ActiveX warning message is thrown each time the HTML page is uploaded on the local system.
To stop this warning being shown to the users, I have used MOTW (Mark of the Web) and included this code snippet at the top of the HTML Page:
<!-- saved from url=(0016)http://localhost-->
This line of code prohibits the warning prompt message.
But now the relative URLs on the page have stopped working.
Please help me find a solution so that neither the ActiveX warning arises nor the relative links on the page stop working.
Thanks in advance.

The ActiveX warnings should only arise when you are accessing your site from the local file system, for security reasons. When you access it through a (local or remote) web server the warnings should be gone.
Can you not use Apache (included in XAMPP), or something similar, to serve your pages (even locally, through http://localhost/)?
Edit:
Alternatively, you could disable that particular security setting in Internet Explorer (which I assume you use, because you mention ActiveX). Or you could try a different browser: Firefox, for example, does not have these restrictions.

Have you tried using a <base href="ENTERBASEURLHERE" />?

Related

Why are CDNs disabled in my local Chrome browser?

I often test my JavaScript snippets using Chrome developer tools, and I came up with a way of debugging by entering data:text/html, in the URL search bar and running the code as Chrome snippets.
This works with Vue.js's CDN, though a strange error message occurs. But jQuery via CDN doesn't load, as in the photo.
I want to know the reason why this happens. Any tips would greatly help.
So please give me advice if anything occurs to you, however small it is.
Edit:
I added a photo of the snippet that loads jQuery, and it works in Google Home.
My HTML environment is reproducible just by entering data:text/html, <html contenteditable> in your Chrome browser's URL bar, which turns your browser into an HTML editor that can run JavaScript using a script tag.
It is because your code is loading jQuery without a protocol (http://, https://). The code you have loads the resource based on what your page uses for maximum security. Your page doesn't use http:// or https:// unless it is online.
Change it to http:// and it will load, but if you're using SSL and your page is loading through https:// when online, then change it back to :// when it's online.
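
The resolution behaviour behind the answer above, as an added example that is not part of the original posts: it resolves a protocol-relative script reference against four kinds of page URL with the WHATWG URL parser that browsers and Node.js share. The host names, paths and function names are constructed for illustration.

```javascript
// Added example: resolve a protocol-relative script reference the way the
// WHATWG URL parser (used by browsers and Node.js) does, for several page URLs.
// Host names and paths are constructed placeholders.
const CDN_REF = '//cdn.example.com/jquery.min.js';

function resolveScriptSrc(ref, pageUrl) {
  try {
    const u = new URL(ref, pageUrl);
    return { ok: true, href: u.href, scheme: u.protocol };
  } catch (err) {
    // A data: page URL has an opaque path and cannot serve as a base URL.
    return { ok: false, href: null, scheme: null };
  }
}

// Only http(s) results point at something a CDN can actually serve.
function fetchableOverNetwork(result) {
  return result.ok && (result.scheme === 'http:' || result.scheme === 'https:');
}

function report(ref) {
  const pages = [
    'https://site.example/index.html', // page served over TLS
    'http://localhost/index.html',     // page served by a local web server
    'file:///home/user/test.html',     // page opened from disk
    'data:text/html,',                 // page typed into the URL bar
  ];
  return pages.map((page) => {
    const r = resolveScriptSrc(ref, page);
    return { page, resolved: r.href, fetchable: fetchableOverNetwork(r) };
  });
}

console.table(report(CDN_REF));            // scheme inherited from the page
console.table(report('https:' + CDN_REF)); // scheme pinned in the reference
```

With the scheme written out as https://, the reference resolves to the same TLS URL from every one of these page contexts.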

Why won't the nude.js html5canvas demo work locally?

Try this nice JavaScript: http://www.patrick-wied.at/static/nudejs/demo/
Warning: slightly NSFW.
It won't work when I open it from my local machine, either by copying the 3 exact source codes and making the picture locations absolute, or else by downloading https://github.com/pa7/nude.js/archive/master.zip.
I am lost as to why. It must be a silly/simple reason, since the demo page is obviously working and JavaScript only, so why would it make a difference where you store it?
I think this is because of the browser security restrictions. Are you opening the HTML file from the file system, instead of serving it from localhost? Or are you referencing resources from another domain that does not have CORS enabled? Debugging with the console should help.

Microsoft Word download from web server issue

I am trying to troubleshoot the following issue. A client tried to download a Word document and is getting the following error.
Your organization's policies are preventing us from completing this action
for you. For more info, please contact your help desk.
I believe this issue is because of cross-domain javascript. However, the file is being downloaded from a pop-up that doesn't stay on the screen long enough for me to do anything. It is an issue with IE8 / 9.
I cannot find which JavaScript is opening the popup, let alone which JavaScript is being run from within the popup. I am using Fiddler to try and view the HTTP requests and that is not helping.
Is there a way for me to debug what is happening within that popup? Is there a way to debug javascript to break on a type of condition being met?
EDIT:
I have tried working on this issue on my local environment and the same issue comes up. The popup appears to first come from the same domain https://company.aj.com, then goes to a different domain https://apps.aj.com and the file is being downloaded from the apps domain.

How do you log to the error console from untrusted Javascript?

In Chromium, 'console.log()' lets you print to the error console, but only from javascript embedded in the html, or in a .js file on the local machine.
What are your workarounds for debugging Javascript that is contained in .js files on a remote machine and included in a page?
Add breakpoints and / or watch expressions.
See http://code.google.com/chrome/devtools/docs/scripts-breakpoints.html
I recently had to do this with a Facebook SDK javascript, hosted by Facebook. I downloaded the script and hosted it locally for debugging. I could then add in all the console.log messages I wanted.
When everything was done I removed the local file and returned to Facebook's hosted script.
Phil's suggestion of breakpoints is also very useful when you want the value of a variable at a specific location in the code.
Another useful technique for code executed upon a user action, such as a button click, is to use the Scripts tab of the Chrome inspector, or FireBug in FF, to edit the javascript prior to execution. I've had limited use for this, but it's quite useful from time to time.
The problem is cross-domain security policy. Only javascript from the domain of the html file can use console.log

Looking for doc on why IE "yellow bar" shows when opening a HTML file that contains JavaScript

I have a site, from which you can download an HTML file. This HTML file contains a form with hidden fields, which is right away posted back to the site using JavaScript. This is a way of allowing users to download to their own machine data that they edit on the site.
On some machines, you get an IE "yellow bar" when trying to open the file you saved. The "yellow bar" in IE is warning that the HTML is trying to run an Active X (which it is not, there is only JavaScript doing a submit() on a form). However if you receive the exact same HTML file by email, save it, and open it, you don't have this problem. (It looks like IE is putting some more constraint on what can be done in a HTML file you saved from web site.)
My question is: where can I find documentation on this IE security mechanism, and possibly how can I get around it?
Alex
The yellow bar is because your page is executing in the Local Machine security zone in IE. On different machines, the Local Machine security zone might be configured in different ways, so you can see the yellow bar on some machines and not see it on other machines.
To learn more about the IE's URL Security Zones, you can start reading here: http://msdn.microsoft.com/en-us/library/ms537183.aspx
Look here for details on the MOTW - Mark Of The Web
If you add this to your locally served pages, IE will not show the yellow bar.
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx
I am not sure about any specific document, but if you open the properties for the file in Windows Explorer, on the General tab, is the file blocked? If so, click Unblock and try again and see if you get the same issue. This is typical security for files downloaded from the internet.
Other than that, I am afraid I don't know what else to suggest.
I don't 100% follow what your JavaScript is submitting to, but if you're submitting back to the original site from the downloaded copy you'll have a problem using JavaScript as all browsers treat cross-domain JavaScript as a security violation.
JavaScript isn't allowed to read or write to any site not on the current domain
As Franci had said, it is because you are in the local machine security context and this allows scripts to create objects and execute code that could do harm to your PC. For example you can create a File System Object and perform tasks that an untrusted page shouldn't perform generally because it could be malicious in nature.
Have you tried changing the file name from yourname.html to yourname.hta to see if the security problem goes away?
More on HTML Applications (.HTA files): http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx
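
The Mark of the Web comment discussed in this thread and in the first question on this page, as an added example that is not part of the original posts: it parses the comment, checks that the four-digit number equals the length of the URL that follows, and generates a well-formed comment for a given URL. The function names and the second sample are constructed for illustration.

```javascript
// Added example: parse, validate and generate the HTML Mark of the Web comment.
// The four digits in parentheses are the character count of the URL that follows.
const MOTW_RE = /<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->/i;

function checkMotw(html) {
  const m = MOTW_RE.exec(html);
  if (!m) return { present: false, url: null, declared: null, lengthOk: false };
  const declared = parseInt(m[1], 10);
  return { present: true, url: m[2], declared, lengthOk: declared === m[2].length };
}

function makeMotw(url) {
  // The count field is four digits wide and the URL must not contain whitespace.
  if (/\s/.test(url) || url.length > 9999) throw new RangeError('URL not representable');
  return `<!-- saved from url=(${String(url.length).padStart(4, '0')})${url} -->`;
}

// Sample documents: the first line is the snippet quoted on this page,
// the others are constructed.
const samples = {
  fromPage: '<!-- saved from url=(0016)http://localhost-->\n<html><body></body></html>',
  staleCount: '<!-- saved from url=(0016)http://localhost:8080/ -->\n<html></html>',
  noMark: '<html><body>no mark here</body></html>',
};

for (const [name, html] of Object.entries(samples)) {
  console.log(name, checkMotw(html));
}
console.log(makeMotw('about:internet'));
```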
