Thursday, February 10, 2011

How to Allow JavaScript in Local HTML Files For Specific Files Only

This little annoying thing happens when you author an HTML file on your local computer and include JavaScript in it.

If you use Internet Explorer with default Security options your JavaScript code does not run and you get this information bar message:

"To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer. Click here for options..."

IE Help explains:
A webpage being displayed on your computer tried to run a script or ActiveX control. If you want to allow the control to run, click the Information bar, and then click Allow Blocked Content.
There is a way to turn this feature off. But it is not recommended by Microsoft. IE Help goes on:

"Can I turn off the Information bar?
Yes, you can, but we don't recommend it. If you do want to turn it off, you have to turn it off for each type of message..."
Turn it off for each type of message means you need to make several changes in several different places to disable protection. And they don't even have a map of where and how to turn off each type of message, only give a couple of examples.

OK, there is more help online, thanks to Google. Open Internet Options, Advanced tab, scroll down to Security section check "Allow Active Content to run in files on My Computer".

But what if I don't want to lower the advanced security settings? I want to be protected from potential risk and just allow running scripts from local files I created myself. Is there a way to disable the information bar message for some local files, without modifying IE security options? For example, I want all files blocked, except my own local HTML files that include JavaScript I need to run automatically?

It turns out there is a way to mark file as safe to run scripts in it. I tested it on IE 8 on Windows 7. All you need to do to automatically enable script is add a HTML commented indicating that the file was saved from some internet URL. There is a little trick - the comment needs to include a certain number equal to the number of characters in the URL.

Here is an example:

<!-- saved from url=(0020)http://regmagik.com/ -->
<html>
If you add saved from url line abouve to the local HTML file the script will not be blocked by IE.

<script>
your script goes here
</script>
</html>
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)