[racket] How to make IE play nicely with Help Desk

From: Eli Barzilay (eli at barzilay.org)
Date: Sun May 29 17:55:10 EDT 2011

A few seconds ago, Michael M Mason wrote:
> From: Eli Barzilay wrote:
> [snip instructions]
> > The problem with this is that it allows it from *any* file.  IOW,
> > IE gives you either too much security ot too little.
> 
> I'm a little confused. I'm also running Firefox 4, Opera 11, Chrome
> 11 and Safari 5, and they *all* run active content from any file. At
> least, they do on my Windows 7 machine; are you seeing different
> behaviour?

The question is how to run JS scripts from local files securely.  For
example, a local JS script might try to read some files and send that
information to a remote server.  Other browsers deal with these
security issues and prevent such things.  IE's way of dealing with it
is unique in just forbidding any JS execution unless the user agrees
to it, and if there is agreement, then it just lets them do whatever
they want.  So if you change the global settings to allow it, you
effectively allow malicious scripts to do whatever they want too.

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!


Posted on the users mailing list.