[Javascript] Opening a Window without blocking ??

liorean liorean at gmail.com
Wed Nov 24 10:42:23 CST 2004 

On Wed, 24 Nov 2004 15:25:11 -0000, Tim Makins <spindrift at oceanfree.net> wrote:
> Your first point, about user-action - do you mean something like this ?

Yes, I meant something like that. However, beware that the setting of
window.opener allowing closing a window not opened by script was a
long-lived bug htat is now fixed in recent security updates to ie6w,
which are included in WinXPSP2.

> On your other point, HTA and Signed Scripting: I have spent the morning looking through the Internet to see what else I could learn about this. HTA turned out to be not so good here, as I do need the Status Bar to be on show, and it doesn't provide one. It shouldn't be too difficult for me to add a lower frame that mirrors it, though, if that turns out to be the best way to go. I obviously need to look in this some more, and see what needs to be changed on each html page. Do you know if HTA will definitely be OK in XP-sp2 ?

They should. However, Microsoft are quite good at documenting things -
especially when they want developers to use their technology instead
of that of their opponents. So, if there are changes that affect HTA,
they'll probably be mentioned somewhere on MSDN. (As a tip, Google is
much better for searching MSDN than the Microsoft search engine is.
Using 'site:msdn.microsoft.com' in a Google search is much more likely
to turn up what you want than the corresponding search using MSDN's
engine.)

> Do you have a link to a resource that explains how to use scripted signing for html pages ?

Well, not anything superbly great, no. Mozilla has some documentation
of their mechanisms here:
<uri:http://www.mozilla.org/projects/security/components/signed-scripts.html>
The Microsoft way is through Authenticode
<uri:http://msdn.microsoft.com/workshop/security/authcode/authenticode_node_entry.asp>,
but the two most commonly used ways to increase the number of things
you are allowed to do are using HTA or making sure your page is run in
a security zone that isn't as restrictive. The local machine zone is
the one you seem to be most interested in. See
<uri:http://msdn.microsoft.com/workshop/security/szone/overview/overview.asp#SecurityZones>

> I am still working through the XP security link you provided - wow there's a frighteningly large amount in there for web designers !!

Yep. But if you take a hike to the official changes documentation
you'll find just the documentation (in MS Word format, of course) of
the browsing changes is 600kb. The documentation of the networking
changes is 434kb. Out of a total of 2Mb of documentation for a 266Mb
upgrade, that's rather hefty.
-- 
David "liorean" Andersson
<uri:http://liorean.web-graphics.com/>

More information about the Javascript mailing list