Security pop-up on homemade page

[- Bobb -]

I made an html file:
C:\Documents and Settings\Bobb\Desktop\My Stuff.mht

and all it is , is about 20 of my common favorites so I can click that file
and then go to - most of family everyday URL's. Stuff like:

Local Town Events Info
Local Weather
Movies on Yahoo
Yahoo Mail
Google
etc

It works fine but I have one question, please:
When I open the file I get an info bar pop-up:
"To help protect your security, Internet Explorer has restricted this file
from showing active content that could access your computer. Click here for
options..."

I can click " allow" and the pop-up goes away, but WHY do I get that? I
turned on my firewall to see "what's trying to access the network? " turn on
firewall, click ALLOW, and nothing in event log so nothing is REALLY trying
to "show active content".

I wrote the page - nothing but text with hyperlinks.
WHY would any of those links be TRYING to go anywhere ?
I figured I'd add to trusted sites ... it doesn't like " My Computer"
How to avoid the pop-up message every time I open the file ?
Thanks

 

[Kelly]

Description of the Internet Explorer Information Bar in Windows XP SP2
http://support.microsoft.com/kb/843017

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Happy Birthday if today is your birthday!

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

 

[- Bobb -]

Hi Kelly,
I had clicked on the info pop-up and then "Info Bar Help" and it tells me
about the messages, but not what TRIGGERED it. So, I know what the message
means: I just don't know how to PREVENT it.
My pop-up detail explains:
"In Windows XP SP2, when the active content is blocked from running in the
Local Computer zone, the Information Bar will appear."

WHAT active content ? that's my question.
There are no ASP's , java, etc

If I turn on firewall, then OPEN page, there are no events, so there is NO
"active content" until I click a link, right ?
Just text associated with a URL.

 

[sgopus]

it's possible your web site has gotten hijacked, and someone has planted some
active X script thereon, would you happen to have a copy of this stashed
away, from it did work properly? I suggest if you do, then wipe the web site
and start again.

 

[Daniel Crichton]

- wrote on Wed, 26 Nov 2008 19:34:03 -0500:

I made an html file:
C:\Documents and Settings\Bobb\Desktop\My Stuff.mht

and all it is , is about 20 of my common favorites so I can click that
file and then go to - most of family everyday URL's. Stuff like:

Local Town Events Info
Local Weather
Movies on Yahoo
Yahoo Mail
Google etc

It works fine but I have one question, please:
When I open the file I get an info bar pop-up:
"To help protect your security, Internet Explorer has restricted this
file from showing active content that could access your computer.
Click here for options..."

I can click " allow" and the pop-up goes away, but WHY do I get that? I
turned on my firewall to see "what's trying to access the network? "
turn on firewall, click ALLOW, and nothing in event log so nothing is
REALLY trying to "show active content".

I wrote the page - nothing but text with hyperlinks.
WHY would any of those links be TRYING to go anywhere ?
I figured I'd add to trusted sites ... it doesn't like " My Computer"
How to avoid the pop-up message every time I open the file ?
Thanks

Are you sure that there is no javascript anywhere in the file, even in the
links?

Why are using a MHT extension for this? If it's just hyperlinks, make it a
..HTM or .HTML file. It's possible that you're getting that warning simply
because you've named the file with the MHT extension.

Looking at the firewall settings is a waste of time - this is an IE "Local
Machine Zone Lockdown" issue, it's a setting to prevent a HTM/MHT file
containing script or activex components from running in the context of the
Local Machine zone which could potentially allow a malicious script to make
changes to your system. You can't add My Computer to the Trusted Sites list
either - it's not a site, it's the local Windows.

One way around this would be to add a "mark of the web" to the file (see
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx ) which makes
IE use the appropriate zone settings for the file content, ie if you add a
"mark of the web" indicating the file was saved from a site in the Trusted
Sites zone then it will run in the security context of the Trusted Sites
zone, if you add one that is for a non-Trusted site then it will run in the
security settings for the Internet Zone.

 

[Rob Giordano [MS MVP]]

Try adding a "mark of the web" code to your .mht.
Google: "mark of the web" and/or MOTW



--
~~~~~~~~~~~~~~~~~~
Rob Giordano
Microsoft MVP Expression

 

[PA Bear [MS MVP]]

Please state your IE version and full Windows version (e.g., WinXP SP3;
Vista SP1) when posting to this newsgroup.

 

[- Bobb -]

it's possible your web site has gotten hijacked, and someone has planted
some
active X script thereon, would you happen to have a copy of this stashed
away, from it did work properly? I suggest if you do, then wipe the web
site
and start again.

Thanks, but it's not a "website", just a file on my local/isolated pc. It
didn't get 'corrupted'. Right after saving it, first time I opened it, I
got the pop-up. I could see getting a warning once I CLICK on "a URL" but I
don't. It's when the file opens. In Word, I typed a bunch of stuff, then
created hyperlinks for each item.

For example:

"Weekly Sale Circulars"

Best Buy
Circuit City
CompUSA
Home Depot
Lowe’s
Office Depot
Office Max (click on "weekly ad" link)
Staples
Sales Circulars – search by Product Type – not store.
Techbargains.com

Each line is a hyperlink. I open this one file and in this part of it, I
can click around to see what's on sale. So I click Lowe's and it brings me
to Lowe's webpage. There ARE two links that point to content WHEN I click on
the link, like: ( specifies a store - had to pick a store the first time -
to save link)
http://bestbuy.shoplocal.com/bestbu...siteid=156&adref=header&h=488&storeID=2412805
but the page itself was a new file when I started.
The others point simply to
www.homedepot.com etc

 

[- Bobb -]

- wrote on Wed, 26 Nov 2008 19:34:03 -0500:








Are you sure that there is no javascript anywhere in the file, even in the
links?

In two of the LINKS there is java - I thought would only apply once I
clicked on the link .. so that's the problem !

Why are using a MHT extension for this? If it's just hyperlinks, make it a
.HTM or .HTML file. It's possible that you're getting that warning simply
because you've named the file with the MHT extension.

I had tried .mht first - same thing

Looking at the firewall settings is a waste of time - this is an IE "Local
Machine Zone Lockdown" issue, it's a setting to prevent a HTM/MHT file
containing script or activex components from running in the context of the
Local Machine zone which could potentially allow a malicious script to
make changes to your system. You can't add My Computer to the Trusted
Sites list either - it's not a site, it's the local Windows.

One way around this would be to add a "mark of the web" to the file (see
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx ) which makes
IE use the appropriate zone settings for the file content, ie if you add a
"mark of the web" indicating the file was saved from a site in the Trusted
Sites zone then it will run in the security context of the Trusted Sites
zone, if you add one that is for a non-Trusted site then it will run in
the security settings for the Internet Zone.

I read about MOTW and it sounds just like what I need. I've got XP SP2 all
security/required updates (except IE7 and SP3). I opened the mht - saved
as htm. Edited the .htm file ( with WORD not frontpage).
I entered
<!-- saved from url=(0014)about:internet -->
at top of doc - Save as webpage.
That text now appears as text in the file now, so obviously not coded. Is
that syntax correct ? Any simple way to imbed that, or do I need to use Web
Editor app ? I do have Frontpage 2000 on Cd but haven't used it in years.
Thanks

 

[Daniel Crichton]

- wrote on Sun, 30 Nov 2008 07:48:16 -0500:

In two of the LINKS there is java - I thought would only apply once I
clicked on the link .. so that's the problem !

Do the links start with something like "javascript:". If so, that's java
script that runs in the browser when you click the link, not once you've got
to the site.

I had tried .mht first - same thing

I assume you meant to write .htm there

I read about MOTW and it sounds just like what I need. I've got XP SP2
all security/required updates (except IE7 and SP3). I opened the mht
- saved as htm. Edited the .htm file ( with WORD not frontpage).
I entered <!-- saved from url=(0014)about:internet -->
at top of doc - Save as webpage.
That text now appears as text in the file now, so obviously not coded.
Is that syntax correct ? Any simple way to imbed that, or do I need to
use Web Editor app ? I do have Frontpage 2000 on Cd but haven't used it in
years.
Thanks

It's a comment - so it needs to be in the source of the HTML, not just typed
into Word (which will convert it so that it's displayed in the page like
other content). You could just open the .mht file in Notepad and add it at
the top. However, now you've mentioned that you used Word that might explain
why this .mht file is triggering the warning - Word creates awful HTML files
full of XML and VML and the VML parts might well be treated as "active"
content, hence the warning. Given the options of Word or Frontpage I'd
choose FP for creating HTML files. However, personally I use a text editor
because Frontpage also tends to create very messy HTML files. You'd be much
better off taking a look at Visual Web Express which you can download free
from the MS web site and is a much better HTML creator/editor than
Frontpage.

 

[- Bobb -]

- wrote on Sun, 30 Nov 2008 07:48:16 -0500:




Do the links start with something like "javascript:". If so, that's java
script that runs in the browser when you click the link, not once you've
got to the site.



I assume you meant to write .htm there



It's a comment - so it needs to be in the source of the HTML, not just
typed into Word (which will convert it so that it's displayed in the page
like other content). You could just open the .mht file in Notepad and add
it at the top. However, now you've mentioned that you used Word that might
explain why this .mht file is triggering the warning - Word creates awful
HTML files full of XML and VML and the VML parts might well be treated as
"active" content, hence the warning. Given the options of Word or
Frontpage I'd choose FP for creating HTML files. However, personally I use
a text editor because Frontpage also tends to create very messy HTML
files. You'd be much better off taking a look at Visual Web Express which
you can download free from the MS web site and is a much better HTML
creator/editor than Frontpage.

I THOUGHT Word was making things easy for me ...
Perfect ! I edited with notepad - inserted that line - bingo - no pop-up.
When I get some time I'll have to download /play with Visual Web Express.
Thanks to all.

 

[- Bobb -]

Dan,

I ran into same problem again - couldn't find answer online, but I then
remembered the source of the fix last time.

I had this saved in OE - my 'Newsgroup tips' folder
Thanks AGAIN.
..

 

[VanguardLH]

Dan,

I ran into same problem again - couldn't find answer online, but I then
remembered the source of the fix last time.

I had this saved in OE - my 'Newsgroup tips' folder
Thanks AGAIN.
...

<snipped the old thread dated way back in Nov 2008>

You thought Dan was still monitoring the 20-month old thread? You
needed to share your diary entry about the success of your newsgroups
search or looking in your notes or saved posts?

Using MOTW (Mark of the Web) in your HTML file is just one solution. If
you are going to run more HTML files that are local and have active
content then you might want to consider disabling the security feature
in IE that generates the infobar popup that you want to avoid.

Internet Options -> Advanced tab
Security section
"Allow active content ..." (2 options)

Enable those options (to disable the warning infobar). Of course, not
putting scripts in your local HTML files would work, too.