Avatar of jigdog
jigdogFlag for United States of America asked on

Retrieve Security Status of Webpage - Trusted Sites

Is there a way to use scripting or coding (vb.net, c#, javascript) to detect the security status of the page holding the code (i.e. is it a trusted site) ?

Thanks.

J
Web Browsers.NET ProgrammingScripting Languages

Avatar of undefined
Last Comment
jigdog

8/22/2022 - Mon
pdben

You could use JavaScript to test if the page has a SSL connection, by looking for the "https://" in the url:

<script>

if(window.location.href.indexOf("https://") >= 0){
 securepg=true;
}
else{
 securepg=false;
}

</script>
ASKER
jigdog

This would verify ssl state, but would not tell me what zone (resticted, trusted, internet, intranet) the page exists in.
pdben

You could try running a script that requires a trusted site, and if it fails you know it is not a trusted site. Use try...catch

try {
// run script requiring trusted site
 securepg=true;
}
catch (err) {
// if above script cannot run, then it's not a trusted site
 securepg=false;
}
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
jigdog

How would a script require a trusted site?  Have an example?
pdben

How about this:

securepg=true;
try {
  var test=new ActiveXObject("Scripting.FileSystemObject");    
}
catch (e) {
 securepg=false;    
}
ASKER
jigdog

That didn't do it ... both situations resulted in false ... her is what i actually used:


<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>Check Secure Javascript</title>
</head>
<body>
 
<script language="javascript" type="text/javascript">
securepg=true;
try {
  var test=new ActiveXObject("Scripting.FileSystemObject");    
}
catch (e) {
 securepg=false;    
}
 
if(securepg) { document.write('Secure!');}
else { document.write('Not Secure!');}
 
</script>
 
</body>
</html>

Open in new window

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
pdben

Internet Explorer insists that only SSL sites can be registered as a Trusted Site, which means that the previous example to test for https:// in the url should be sufficient.
ASKER
jigdog

You can turn off the 'SSL Required' option in the Trusted sites settings to allow for non-SSL sites to be added to the list.  It is a checkbox below the list in the options dialog.
ASKER CERTIFIED SOLUTION
jigdog

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question