Re: Security says javascript mouseovers are Dangerous ????

From: Richard (Richard_at_pridge.uk.uk)
Date: 09/08/04 

Date: Wed, 8 Sep 2004 14:40:12 +0100

Some people said things, and then:-
Code-Curious Mom added

Thank you thank you thank you! The poxy thing was driving me nuts.

This is all now saved in my useful things to know archive.

The url fix is fine for my web page, but something of a pain to use with
a program that has 100 html help pages - so it looks like I shall be
carefully going off line before 'enable content' for some help files.

Once again, many thanks. 

--
Richard
> I had a similar situtation with local HTML files used as custom start
>pages.    I'm using the 'Mark
>of the Web' method which you can find at
>
>http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/lock
>down_devimp.aspx
>
>It doesn't specify where in the HTML file it should go and most anywhere
>seems to work, but I had a file that actually was saved from the web, and
>there it was located at the top just before <HTML>.  Just be sure there are
>no spaces after  the
> -->
>(end of comment mark)
> and <HTML>.   Not sure why this has to be, but it won't work if there is a
>space there.  So something like:
>
><!-- saved from url=(0028)http://www.InternetZone.net/ -->
>
>at the top of your file immediately before <HTML> should fix it.    You can
>change InternetZone.net to a real web address if
>desired, it doesn't matter.  The 28 is the number of characters in the web
>address following, if you change the address, you'll have to modify the
>character count too.
>(Before I found this method, I had tried renaming the file to *.hta, but
>that lets off the menu and toolbar, which I didn't like at all.)
>
>
>I recommend the method above, but if you really want to totally disable this
>security feature (not all javascript or other active content is safe):
>right click IE|Properties|Advanced| scroll down to 'Security', check 'Allow
>active content to run in files on my Computer', click 'OK'.
>
>"Richard" <Richard@pridge.uk.uk> wrote in message
>news:wLSmzaD4auPBFwgp@squeaky.demon.co.uk...
>>
>>
>> I thought I'd pretty much disabled the security shield by following
>> helpful hints posted here, but not quite...
>>
>> In the days of my having dial up I pointed IE at my safe archive copy of
>> my own web page on drive c: rather than a remote web page which would
>> always give me a 404 if I wasn't connected.
>>
>> The information bar opens up whenever I do this and says possible
>> dangerous activeX blah blah blah, so I have to 'allow' my own page to load
>> off my own drive.
>>
>> There is *no* activeX or flash on this page.  Simple javascript mouseovers
>> and one standard animated gif.
>>
>> My IE security settings all look ok, and the proof of that is - if I load
>> my page off the web IE will download and display it without a murmur.  No
>> security type warning whatsoever - which is exactly as it should be.
>>
>> I have found now that other programs, which create help files in html and
>> load from drive C: instead of from on-line, all get the same security
>> treatment.
>>
>> How do I turn this off, please?
>>
>>
>> --
>> Richard, whose Squeaky Chair can be seen at http://www.squeaky.demon.co.uk
>>
>> "It wasn't raining when Noah built the ark." -Howard Ruff
>>
>
>
--