SideBar crashes when running ActiveX components that require approval

Discussion in 'Windows Vista General Discussion' started by Jon Abbott, Jun 26, 2006.

  1. Jon Abbott

    Jon Abbott Guest

    If a Gadget calls an ActiveX object that in IE prompts for authorization (ie
    the prompt "To help protect your security, Internet Explorer has restricted
    this webpage from running scripts or ActiveX controls that could access your
    computer. Click here for options...") SideBar crashes.

    Surely it should prompt or close the Gadget, not crash.

    Two ways to reproduce this are with Java or Shockwave:

    1. With Java

    gadget.html:

    <html>
    <head>
    <title>Crash by Java</title>
    <style>
    body {
    width:120;
    height:120;
    }
    </style>
    </head>
    <body>
    <APPLET code="test.class" name="testjava" width=100% height=100%></APPLET>
    </body>
    </html>


    test.class compiled from test.java:

    import java.applet.*;

    public class test extends Applet {
    public void init()
    {
    }
    }



    2. With ShockWave

    gadget.html

    <html>
    <head>
    <title>Crash by ShockWave</title>
    <style>
    body {
    width:120;
    height:120;
    }
    </style>
    </head>
    <body>
    <EMBED TYPE="application/x-shockwave-flash" src="test.swf" width=100%
    height=100%>
    </body>
    </html>

    test.swf can be any ShockWave app.
     
    Jon Abbott, Jun 26, 2006
    #1
    1. Advertisements

  2. Jon Abbott

    Jon Abbott Guest

    Spoke too soon, it's Shockwave and Java that crash it, Sidebar still crashes
    with a "Mark of the Web" added to gadget.html.
     
    Jon Abbott, Jun 26, 2006
    #2
    1. Advertisements

  3. Why do you think this is an authenticode issue, and not some other bug? (Is
    there something that leads you to think that?) I ask, because I have seen a
    crash in Flash where the version of Flash running has a stack overrun, which
    Vista security measures detect and result in a forced crash. (This is the
    DEP and NX support in the OS, if you're familiar with it.)

    -Bruce
     
    Bruce Williams [MSFT], Jun 27, 2006
    #3
  4. I don't understand, what's a "Mark of the Web"?

    -Bruce
     
    Bruce Williams [MSFT], Jun 27, 2006
    #4
  5. Jon Abbott

    Jon Abbott Guest

    "Mark of the Web" - forced IE to not block ActiveX components on the page. Add
    the following line to top of gadget.html:

    <!-- saved from url=(0013)about:internet -->
     
    Jon Abbott, Jun 27, 2006
    #5
  6. Jon Abbott

    Jon Abbott Guest

    My mistake, as I said in the other post, it's not security causing it. Sidebar
    has an issue when calling Flash or Java.

    Flash, yes agreed DEP is killing Sidebar. Java is a similar issue.
     
    Jon Abbott, Jun 27, 2006
    #6
  7. I learn new things every day - thanks!

    -Bruce
     
    Bruce Williams [MSFT], Jun 27, 2006
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.