Bug Tracker

Opened 9 years ago

Closed 9 years ago

#6816 closed bug (fixed)

ActiveX issues with IE with restrictive security settings

Reported by: chris.fewtrell Owned by:
Priority: Milestone:
Component: unfiled Version: 1.3.2
Keywords: Cc:
Blocked by: Blocking:

Description

1.3.2 issue that affects IE with restrictive security settings.

The line 3122 in the 1.3.2 codebase causes the following error dialog in IE6 "Your current security settings prohibit ActiveX controls on this page. As a result, this page may not display correctly".

In IE7 you get a similar message but in the "warning bar" at the top of the screen, which is far less intrusive.

The code in question is

div.innerHTML = ' <link/><table></table><a href="/a" style="color:red;float:left;opacity:.5;">a</a><select><option>text</option></select><object><param/></object>';

And the problematic issue (as far as I can see) is that we are creating an <object> element within the div's content. This is not allowed if IE has the security option "Run ActiveX controls and plug-ins" set to "Disable" or "Administrator approved". Also, a corporate customer has reported this issue even with this option set to "Enable" - but I have not been able to reproduce locally.

I have "fixed" the issue by simply removing the offending text "<object><param/></object>" and then knobbling the code on line 3142

objectAll: false,

(it used to read

objectAll: !!div.getElementsByTagName("object")[0].getElementsByTagName("*").length, )

Does this seem like a sensible fix/patch?

Change History (1)

comment:1 Changed 9 years ago by dmethvin

Resolution: fixed
Status: newclosed

This was fixed in 1.4.

Note: See TracTickets for help on using tickets.