VBScript give ActiveX warning 3

[alfordjj]

I'm making a web page form that uses VBScript in order to do some things. The problem is that every time the web page loads, I get a pop-up box that tells me the page is using ActiveX controls and asks if I really want to do this.

I have found the offending setting ("Initialize and Run ActiveX Controls Not Marked as Safe") and even the registry key where it is stored. How do I get the web page to change that setting? I have tried making a .reg file, but all that does is add more pop-ups.

Or, how do I mark my page as safe?

Much thanks in advance!!!

 

[kaht]

try asking in the VBScript forum, this doesn't really have anything to do with HTML or CSS

forum329

-kaht

[small]How spicy would you like your chang sauce? Oh man... I have no idea what's goin' on right now...[/small]

 

[Rieekan]

The reason for this is that Microsoft was sued by another company over how the ActiveX works. Take a look at the article posted on the MSDN forum regarding this.

 

[BillyRayPreachersSon]

Glenmac posted an article in the JavaScript forum 4 days ago that might fix this. See the post, "IE7 object fix", here: thread216-1230048

Hope this helps,
Dan

Coedit Limited - Delivering standards compliant, accessible web solutions

[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[alfordjj]

That's good info, but it's not the error I'm having. (Guess I should have posted the message I'm getting the first time!!)

Here is what the message box says: "An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?"

It's a simple dynamic form, and shouldn't have any issues surrounding it. I've gone to other dynamic forms recently and not gotten that message. If I change the "Initialize and Run ActiveX Controls Not Marked As Safe" security setting to "Allow" it works just fine.

What I need to do is change that setting on the client machines, or mark the page as safe. I would prefer to mark it as safe, but don't know how to do that.

Thanks!!!

 

[trollacious]

Are you viewing this page locally, or through a web server (has HTTP:// at the beginning of the URL). Try it through a web server to avoid the message you're getting.

Lee

 

[alfordjj]

I put it on our web server and tried it by navigating to it through a link, but it still gives me the error message.

All I did was copy and paste the file over to the server. Do I need to publish it with MS Front Page, or something similer?

Thanks!!

 

[Foamcow]

Are you accessing the file by typing

http://blah.whatever

into your browser address bar?
Or are you simply drag/dropping or file->open(ing) the file?

The file needs to be served by the webserver as a webpage.

<honk>*:O)</honk>
Foamcow Heavy Industries - Web site design in Cheltenham and Gloucester
Ham and Jam - British & Commonwealth forces mod for Half Life 2

 

[alfordjj]

I haven't typed the URL in, but I did surf to it from our main web page. Went through the pages then clicked on a link that loaded the page. It still gave me that message.

Is there something I need to do in order to make it be served correctly?

 

[trollacious]

You're still not answering the question that 2 of us have asked about whether the URL you're going to starts with HTTP:// or not.

How about giving us the URL so we can see for ourselves what's happening?

Lee

 

[alfordjj]

I'm sorry, you're right. I missed that part.

Yes, it does start with

http://.

I'm not at work right now, but in the morning I will post the full URL.

Thanks for your time. Sorry I didn't get what you were trying to ask me.

 

[ChrisHunt]

ActiveX controls can be mis-used to pose a security threat to machines, that's why you get that message when IE encounters one. There's no way to unilaterally mark up the control as "safe" - think about it: if such a method existed, the scumbags that use bad ActiveX controls would be the first to use it.

I suspect that what you'll have to do is get your visitors to put your site in the "trusted sites" zone (go to Tools>Internet Options>Security), but even then they may need to change their settings. You should also be aware that if this form is intended to work over the internet, as opposed to an intranet, it won't work on anything but IE - as other browsers won't run ActiveX at all.

So the real question to ask is what does this Activex component do? Do you really need it in the first place? Finding a non-ActiveX solution (if possible) will probably be easier than changing all those client settings, and have the benefit of making your site more accessible too.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd

 

[alfordjj]

Before I go any further, here is that URL:

http://iww.companyname.com/sites/Sitename/ITClientServices.htm

This is simply an Intranet site page. It is for sending a work request to our help desk. It grabs the Username and Computername from the person sending the request, then e-mails the request off to our Help Desk for them to process.

Actually, I wasn't aware I was using ANY ActiveX controls. I just used VBScript. But IE tends to see all the VBScript as an ActiveX conrol for me. Perhaps I'm doing something wrong.

Here is a bit of my code that gets the Username and puts it in a textbox.

<script type="text/vbscript">
      dim UText, UName, Usize, UTabindex
      
  	Set ObjNet = CreateObject("Wscript.Network")
        
	UText="text"
	UName="VUsername"
	USize="20"
	UTabindex="1"	
        
		document.write("<dev><input type=" & UText & " name=" _
& UName & " size=" & USize & " value=" & ObjNet.UserName _
& " tabindex=" & UTabindex & "></dev>")

    Set ObjNet = Nothing
          </script>

If we turn the setting to run all unknown ActiveX scrips then it works fine. The problem is that we do not have access to global permissioning and can't do that universally.

Perhaps this is more of an issue with how my VB code is set up and I posted in the wrong forum. If you can tell by looking at the little snippet of code there, please let me know. I'm not trying to bug people, just get this thing to work.

Thanks a ton!

 

[trollacious]

This

Set ObjNet = CreateObject("Wscript.Network")

is using an ActiveX control object. I'm afraid in this instance you'll have to set all the computers to run the ActiveX controls if you want this to work. Can you imagine just anyone being able to write something that will access private information on a computer without the user's approval? That's what you're asking to do here.

Lee

 

[alfordjj]

Ok, I get it.

Thanks to everyone for all their help!!! Sorry I was a bit slow on the uptake.

 

[ChrisHunt]

The alternative would be not to capture the username automatically, but to get them to enter it in the form. You could replace the whole script with:

<dev><input type="text" name="VUsername" size="20" tabindex="1"></dev>

Don't ask me what a [tt]<dev>[/tt] element is. I think it's a made-up Microsoft thing, but maybe it's important for something.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd

 

[travisbrown]

Is their username their lan id? Is this an .asp page? Is "integrated windows authentication" turned on in IIS?

Use <% = request.servervariables("auth_user") %> to et their NT id. It's all done serverside, so no ActiveX problems.

 

[alfordjj]

Username really isn't the issue. Most people know their username. It's the computer name that is the issue. To my knowledge there is no serverside way to grab the computer name. And our computer naming convention is long and essoteric. Most people get it wrong when trying to communicate what it is.

I really appriciate everyone who has tried to help me!!

 

[alfordjj]

Found the answer, seems pretty simple after all of this!

Change the file extention to .HTA

When this is done, the page is run as an application. This may cause some people more problems, but it fixed most of mine.

Here is the MS page I found on it.

http://msdn.microsoft.com/library/d.../author/hta/overview/htaoverview.asp#Security

Thanks again to everyone!!!