5 Replies Latest reply on Nov 24, 2006 6:10 PM by johnmccallum

    Security messages with JavaScript

      I'm using the JavaScript command window.open(...) to create a secondary window. If the topic that loads in the secondary window has JavaScript code in it, I am getting the following message:

      "To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options..."

      Does anyone know how I can avoid this message without getting rid of the JavaScript?
        • 1. Re: Security messages with JavaScript
          Roger N Level 2
          Brian -

          Ignore it. This message only displays when viewing the html file from your desktop. Once uploaded to your server, it will not display. For more info, search this forum, or Google, for "Mark of the Web".
          • 2. Re: Security messages with JavaScript
            brian_c&p Level 1
            Roger -

            Microsoft's page on MOTW ( http://msdn.microsoft.com/workshop/author/dhtml/overview/motw.asp) cleared up a lot - thanks for bringing this to my attention.

            This is going to be run as a .chm file from a cd or the local disk, so I have to use "<-- saved from url=(0014)about:internet -->". When I tested this with the straight html files, it fixed the problem.

            Unfortunately, when RoboHelp compiles the chm file, it strips this line out. Is there any way for me to command RH to leave this in?


            - Brian
            • 3. Re: Security messages with JavaScript
              Roger N Level 2
              Brian -

              The MOTW may have eliminated the message, but it also disables your script. Is there any way you can bring up this page within your .chm, rather than a secondary window? That would be ideal.

              Also, you will notice a slightly different message, and different behavior, when viewing the page from a CD. Either way, it asks for user confirmation before opening the pages.

              It's a security issue, and the whole point of it is to provide users with a bit of protection from launching scripts helter-skelter that could do damage. I'm not sure about your specific needs, but perhaps you can use a different format on the user machine, such as a second .chm, a .pdf or a .rtf file, or if need be, an .exe???

              You might want to check out this thread; if nothing else, it should help assure you that you are not alone....

              http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?forumid=65&catid=451&threadid =1138639&highlight_key=y&keyword1=motw

              • 4. Re: Security messages with JavaScript
                brian_c&p Level 1
                MOTW doesn't eliminate the message - RoboHelp is removing the MOTW when it compiles the .chm file.

                The secondary topic needs to be viewable alongside the primary topic - I tried this with frames and new windows, and neither appears to function properly, for various reasons.

                I tried to create a separate .chm for the secondary topics, but when the primary calls those topics, they appear in the primary window, defeating the purpose of splitting them up.

                My other option is to put the script in the link (ala RoboWizard's technique), but this has its own problems:
                -these links will have to be edited/created frequently by people who are not going to understand scripting
                -this breaks the link view option in robohelp, because the link source is now a javascript instead of a topic

                For these reasons, I am attempting to embed code into the template for secondary topics to spawn a new window with the secondary topic, and return the main window to the primary topic. This way, the other writers never have to deal with any scripting and the link view still works. I have tested this method, and it works fine, with the exception of the "restricting active content" message.

                If you have any other ideas for how I might be able to approach this, I'd love to hear them.

                - Brian
                • 5. Re: Security messages with JavaScript
                  Level 2

                  If you compile with Help Workshop it won't touch the code,

                  Another way to open a secondary window is by using a Related topics item. This will not run into the security issues. The Related Topics object will allow you to assign a secondary window. You need to automate it opening. Rick Stone has instructions for this in his Tips and Tricks file. You can download that from his website. There are also instructions in the Help Workshop help file.

                  Good luck.