We help IT Professionals succeed at work.

detecting activex security settings "script activex controls marked safe for scripting"

chisholmd
chisholmd asked
on
568 Views
Last Modified: 2007-12-19
I need to detec if "script activex controls marked safe for scripting" is enabled or not.

I found this but it does not test specifically enough becuase I assume shell is not marked safe for scripting :) I am assuming that if I run the same code but trying to instantiate an object marked safe for scripting then I'll have what I am looking for.  The solution is an IE only solution so does anyone know:

a) a better way to test for this?
b) an object marked safe for scripting that should be installed on all/most Windoze installs

on error resume next
set oShell = CreateObject("Shell.Application")
set oFolder = oShell.NameSpace("NUL:\")
if err.number <> 0 then
    document.write "Unable to use CreateObject"
else
    document.write "Able to use CreateObject"
end if


Thanks
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Security reasons dont allow you to check for such properties.
CERTIFIED EXPERT

Commented:
// An alernative ethat you can provide to the user...try...catch

<script>
function detectSetting() {
objNet = new ActiveXObject("WScript.Network")
return objNet.ComputerName + " - " + objNet.UserName
}
try {
 document.write(detectSetting())
}
catch(e) {
 if (confirm("Please DO say yes, try again?")) location.reload()
}
</script>
I don't quiet agree to that. When you developing user friendly apps , at times it makes more sense to know clients environment setting, at times just for trouble shooting related purpose, etc.  As long as you not violating the user's security or writing a malicious code, its nothing wrong detecting browser settings.

You need to write an applet , or just buy a ready made product. Check this out , if it interests you :-
http://www.cyscape.com/showbrow.asp?bhcp=1

Author

Commented:
Thanks sajuks, I'll try that. Although I am not sure if WScript.Network is considered "safe for scripting"

The snippet I posted references something that is not marked safe for scripting, so if they allow "safe" but disallow "unsafe" it will just show me "can't create object" even if safe is turned on.   Hopefully Wscript is marked safe because then I'll be able to dicern the difference.

As a note to the pupose; this is part of a subscription app that uses an HTML editing control. If they want to use the app they have to allow "safe for scripting objects"   Right now if they don't allow safe objects they get an ugly error. I want to detect first and provide them a message with how to enable it.

Windows update requires safe activex to be enabled, as does embedded media players etc etc, so I don't think I am asking for unsafe settings so much.

I'll try it now

Author

Commented:
Ya as I though wscript is definitly not marked safe for scripting.

ya see I have an extensive list of detection scripts for my app to detect the presense of various media players, shockwav, etc.   But in those cases I am testing to see if they have one of them installed or not.

In this case I need to test for an object that i am very confident is already installed. wscript is a good candidate in that regard. However I need one that is marked safe for scripting, wscript is definitly not marked safe.

Unfortunetly I don't have the source code license to the 3rd party js I am useing "ActiveEdit" from cfdev.com.  On the server side it creates their object, which has a method that writes the js, so I can't go and add a try around that portion of their code which would be the easiest.

<time passes>

Well I found my answer, If most windows machines have the ado library installed then using the adodb.connnection object works fine. It is marked safe for scripting, so when I try and create it, it will suceed if safe is enabled and fail if it isn't.

Cheers
dave
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.