Ticket #6816 (closed bug: fixed)
ActiveX issues with IE with restrictive security settings
|Reported by:||chris.fewtrell||Owned by:|
1.3.2 issue that affects IE with restrictive security settings.
The line 3122 in the 1.3.2 codebase causes the following error dialog in IE6 "Your current security settings prohibit ActiveX controls on this page. As a result, this page may not display correctly".
In IE7 you get a similar message but in the "warning bar" at the top of the screen, which is far less intrusive.
The code in question is
div.innerHTML = ' <link/><table></table><a href="/a" style="color:red;float:left;opacity:.5;">a</a><select><option>text</option></select><object><param/></object>';
And the problematic issue (as far as I can see) is that we are creating an <object> element within the div's content. This is not allowed if IE has the security option "Run ActiveX controls and plug-ins" set to "Disable" or "Administrator approved". Also, a corporate customer has reported this issue even with this option set to "Enable" - but I have not been able to reproduce locally.
I have "fixed" the issue by simply removing the offending text "<object><param/></object>" and then knobbling the code on line 3142
(it used to read
objectAll: !!div.getElementsByTagName("object").getElementsByTagName("*").length, )
Does this seem like a sensible fix/patch?