Internet Explorer Active Scripting Setting

Posted on 2007-10-09
Last Modified: 2013-12-08
In our company we use Internet Explorer 6.0

Active Scripting has been disabled for the whole company. This means that many AJAX and other advanced webpages do not display correctly.

Are there any current known security issues with enabling this? I searched online and found only issues from 2003, but nothing recent. How can we convince our central IT to enable this feature? Any good reference sites?
Question by:riffrack
    LVL 11

    Expert Comment

    Well First thought is if there are only certain sites you care about loading right set them as trusted sites and enable it for trusted sites only to minimize the risk.
    LVL 11

    Accepted Solution

    I don't have any data to back this up but I don't believe active scripting is a threat, the true threat would be plug-ins. Connecting the browser to the server via AJAX, the worst that can happen is that the page tracks every action you do within that window's context. So what would that mean they know you mouse hovered over an image, or that you started to type xxxxx but erased it, or they can get some generic machine related data like screen resolution in real time without a form submit. But they can't do anything malicious that I am aware of. As the browser retains a security lock out of non-related windows accessin each other's memory.. So the script can't find out that there are other windows open unless it opened them.  it can't pass data between different domains. So for instance I can't put in AJAX calls to google on xyz domain... unless I have a page on xyz domain calling out to google returning it through xyz domain.


    Author Comment

    Many thanks for your information. I agree with your comments.

    Does anybody have any reference sites which explains this in detail?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Now-a-days, indirectly, postal services have been replaced by email services. Yes, whenever we hear the word "email" a lot of people only think of gmail. Some people still think that email and gmail are one and the same thing :-). Let's see some …
    SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
    The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
    This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now