Solved

detecting activex security settings "script activex controls marked safe for scripting"

Posted on 2004-03-23
7
496 Views
Last Modified: 2007-12-19
I need to detec if "script activex controls marked safe for scripting" is enabled or not.

I found this but it does not test specifically enough becuase I assume shell is not marked safe for scripting :) I am assuming that if I run the same code but trying to instantiate an object marked safe for scripting then I'll have what I am looking for.  The solution is an IE only solution so does anyone know:

a) a better way to test for this?
b) an object marked safe for scripting that should be installed on all/most Windoze installs

on error resume next
set oShell = CreateObject("Shell.Application")
set oFolder = oShell.NameSpace("NUL:\")
if err.number <> 0 then
    document.write "Unable to use CreateObject"
else
    document.write "Able to use CreateObject"
end if


Thanks
0
Comment
Question by:chisholmd
7 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 10664471
Security reasons dont allow you to check for such properties.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 10664577
// An alernative ethat you can provide to the user...try...catch

<script>
function detectSetting() {
objNet = new ActiveXObject("WScript.Network")
return objNet.ComputerName + " - " + objNet.UserName
}
try {
 document.write(detectSetting())
}
catch(e) {
 if (confirm("Please DO say yes, try again?")) location.reload()
}
</script>
0
 
LVL 3

Expert Comment

by:xp_commander
ID: 10664588
I don't quiet agree to that. When you developing user friendly apps , at times it makes more sense to know clients environment setting, at times just for trouble shooting related purpose, etc.  As long as you not violating the user's security or writing a malicious code, its nothing wrong detecting browser settings.

You need to write an applet , or just buy a ready made product. Check this out , if it interests you :-
http://www.cyscape.com/showbrow.asp?bhcp=1
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 7

Author Comment

by:chisholmd
ID: 10664655
Thanks sajuks, I'll try that. Although I am not sure if WScript.Network is considered "safe for scripting"

The snippet I posted references something that is not marked safe for scripting, so if they allow "safe" but disallow "unsafe" it will just show me "can't create object" even if safe is turned on.   Hopefully Wscript is marked safe because then I'll be able to dicern the difference.

As a note to the pupose; this is part of a subscription app that uses an HTML editing control. If they want to use the app they have to allow "safe for scripting objects"   Right now if they don't allow safe objects they get an ugly error. I want to detect first and provide them a message with how to enable it.

Windows update requires safe activex to be enabled, as does embedded media players etc etc, so I don't think I am asking for unsafe settings so much.

I'll try it now

0
 
LVL 7

Author Comment

by:chisholmd
ID: 10664747
Ya as I though wscript is definitly not marked safe for scripting.

ya see I have an extensive list of detection scripts for my app to detect the presense of various media players, shockwav, etc.   But in those cases I am testing to see if they have one of them installed or not.

In this case I need to test for an object that i am very confident is already installed. wscript is a good candidate in that regard. However I need one that is marked safe for scripting, wscript is definitly not marked safe.

Unfortunetly I don't have the source code license to the 3rd party js I am useing "ActiveEdit" from cfdev.com.  On the server side it creates their object, which has a method that writes the js, so I can't go and add a try around that portion of their code which would be the easiest.

<time passes>

Well I found my answer, If most windows machines have the ado library installed then using the adodb.connnection object works fine. It is marked safe for scripting, so when I try and create it, it will suceed if safe is enabled and fail if it isn't.

Cheers
dave
0
 

Accepted Solution

by:
PashaMod earned 0 total points
ID: 11007184
PAQed, with points refunded (250)

PashaMod
Community Support Moderator
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
listing all functions in JavaScript 19 101
C3-->D3 Line Chart 4 17
angularls and plnkr 14 17
onOpen 14 38
When you need to keep track of a simple list of numbers or strings, the Array object is your most direct tool.  As we saw in my earlier EE Article (http://www.experts-exchange.com/A_3488.html), typical array handling might look like this: (CODE) B…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now