Running scripts from your desktop

You can easily find answers elsewhere to the security problem documented here, but since one of my recent posts might lead you into the problem I thought I’d provide the solution.

I have a small HTML file that I’ve been using to launch the DesignBais developer environment in a button-less form as described in The Dreaded Back Button. When I click this doc from my desktop I get an IE6 security warning which is there to stop malicious code from accidentally being run from the local PC. This is my code, so I don’t need the warning, thank you. You won’t have this problem if you run such documents from your website, and that was the whole purpose of that article, but for testing purposes, sometimes the desktop is convenient.

To avoid the message I needed to modify the file so that IE knows it’s OK to run this with Intranet permissions. All that takes is a single line at the very top of the HTML doc. Here’s my whole doc so that you don’t need to guess at what I’m talking about: The same line will work for you.

<!– saved from url=(0017)http://localhost/ –>
<html>
<body>
Click
<a href="javascript:window.open(
 ‘http://localhost/dev1/’,
 ‘WebApplication’,
 ‘width=1000,height=640,left=10,top=10,scrollbars,status’);">
 here
</a>
to launch DesignBais
</a>
</body>
</html>

On clicking the link I get a nice container that’s not much unlike a thick client.