[thelist] Mark of the Web

[John Dowdell]

Julian Rickards wrote:
> In Dreamweaver, there is a function called Mark of the Web. Its purpose is
> to insert a comment tag at the top of the page to suggest that the page was
> downloaded from the Internet (<!-- saved from url=(0014)about:internet -->).
> When designing pages that require an Active-X function, such as a page with
> a flash object, IE6 will not allow you to run them locally unless you either
> (1) click the popup bar in IE to allow the scripting to run or (2) insert
> this Mark of the Web into the page.
> If I left this Mark of the Web in the page and uploaded the page to my web
> site, might this pose a security issue for another user? Although there is
> an "Insert Mark of the Web", there is no "Remove Mark of the Web" so I am
> assuming that there is no security issue associated with this.

My memory is that IE6 or so introduced that "mark of the web" indicator 
so that you could develop and view your page on your local machine in 
the Microsoft browser... the HTML would be "marked" as a document which 
could enjoy full web privileges, rather than being handled as a local 
file, which might be subject to stricter security permissions.

(Other browsers haven't had to have this same taxonomy of security zones 
and what-all, because Microsoft's original design included 
system-altering abilities in their reader for documents you might browse 
to on the web.)

Summary: I don't remember any impact on normal web viewing of such HTML 
with a "mark of the web" tag -- that marker was originally for use when 
developing, and viewing web content from your local machine instead.

jd




-- 
John Dowdell . Adobe Developer Support . San Francisco CA USA
Weblog: http://weblogs.macromedia.com/jd
Aggregator: http://weblogs.macromedia.com/mxna
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.