Re: IE6 in XPSP2 - background-image causes security alert!!

From: Dave Massy [MS] (DMassy_at_Microsoft.com)
Date: 09/14/04 

Date: Tue, 14 Sep 2004 12:24:13 -0700

Hi Peter,
The use of expressions invokes the script engine so it is treated as running
script. The default security settings for Windows XP SP2 would mean that
this will not run in the local machine zone as active content is disabled.
This means executing the html file directly off the hard drive will block
active content from running. This content should function fine though from
an http server.
For full details of the changes for Windows XP SP2 take a look at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx

Thanks
Dave Massy
Senior Program Manager
Internet Explorer
Microsoft Corporation

"Peter Row" <***.you@spammers.com> wrote in message
news:u5yZUdomEHA.748@TK2MSFTNGP15.phx.gbl...
> Hi,
>
> It's not the fact that it does it as such, it's what it does it on.
> For example if a CSS file has a declaration like:
>
> .myClass {
> width: expression(myID.clientArea - 4)
> }
>
> Then this will cause the info bar to pop up and you have to
> allow blocked content.
>
> This is absolutely ridiculous!
> The above CSS is not script or activeX so what the hell
> is it blocking it for.
>
> I'm all for better security but stuff like this is stupid!
> It should be allowed even if security is set to high.
>
> Regards,
> Peter
> "Ricky" <rsjoiner@no_spambellsouth.net> wrote in message
> news:2e_0d.53398$Np2.42746@bignews4.bellsouth.net...
> > See if this helps..
> > http://www.winxptutor.com/LMZUnlock.htm
> >
> > "Peter Row" <***.you@spammers.com> wrote in message
> > news:OS%2339$JmEHA.2880@TK2MSFTNGP14.phx.gbl...
> >> Hi,
> >>
> >> If I use a CSS file or an inline style attribute on a tag that
> >> includes the background-image property with the URL to
> >> my image, then on WinXP SP2 IE6 the information bar
> >> pops up and says:
> >>
> >> "To help protect security, Internet explorer has restricted
> >> the file from showing active content that could access
> >> your computer. Click here for options..."
> >>
> >> If I then click the info bar and say "allow bocked content"
> >> I get a message box saying:
> >>
> >> "allowing active content such as script and activeX controls
> >> can be useful, but active content might also harm your
> >> computer, Are you sure you want to let this file run active
> >> content?"
> >>
> >> If I click Yes to this the page runs as normal.
> >> However all thats happening is a background image is being
> >> downloaded due to a CSS command. It is not active at all.
> >>
> >> I think this is a bug in the new super tight security of XP SP2.
> >> Anybody else have similar troubles, or know how to stop the
> >> message/info bar popping up.
> >>
> >> Regards,
> >> Peter
> >>
> >
> >
>
>