[racket] docs, IE, and low-integrity file permissions on Windows

From: Matthew Flatt (mflatt at cs.utah.edu)
Date: Thu Jan 8 12:40:20 EST 2015

Does anyone have experience managing Windows machines and installations
with low integrity permissions on some files? In particular, is an
installer that attempts to mark files as low-integrity likely to create
trouble for an installation?

I've been investigating a way to make Racket documentation work in
local mode with IE. I don't want this attempt to backfire by making the
Racket Windows installer more fragile overall.


The problem is that, in its default configuration, IE refuses to run
JavaScript local files, which means that the Racket documentation
search page doesn't work. Some IE users get a panel with an "Allow
Blocked Content" button that has to be clicked every time, but some
users apparently don't even get that manual override.

Adding a mark of the web (MOTW) to the local HTML files doesn't work
well for reasons that Eli has explained:

 http://lists.racket-lang.org/users/archive/2008-June/025436.html

Another strategy is to make the "doc" directory and content as
low-integrity by setting file permissions. IE is willing to run
JavaScript within low-integrity content. In that case, IE will also
restrict filesystem access to only other low-integrity content ---
which is fine, as long as all the documentation content is marked as
low-integrity. Setting file and directory permissions, instead of
modifying HTML files, addresses the problems that Eli encountered with
an HTML-comment MOTW.

More concretely, the installer, `raco setup`, and `raco pkg install`
would run the equivalent of

  icacls <dir> /T /setintegritylevel L

When installing Racket or building new documentation in installation
scope, <dir> would be "doc" in the Racket installation's directory.
When installing a package in user scope, <dir> would be a user- or
collection-specific directory.


Posted on the users mailing list.