I know that this is a touchy subject...but the end result is not meant for maliscous intent...here goes.

Within a local intranet I want to be able to run unsigned ActiveX Controls via JavaScript but I would like to be able to trap errors if the user clicks "no" at the IE ActiveX Control warning prompt.

The following are desired:

1. Check to see if the IE browser has security settings set to low for the Local Intranet Security Setting

2. If Local Intranet Security setting is set to low then call the ActiveX control code

3. If the user clicks "No" saying that they don't want the ActiveX to run then abort the JavaScript without script errors.

Please offer any suggestions on handling the errors or checking the client settings.

Thanks in advance!

Hello all, I just wanted to see if anyone had any ideas to share on the topic...

Thanks to all that offer any insight!

I don't think it's possible to read the security settings and trap security errors like that.

But in any case you don't need to ... if you're developing for an intranet, you simply ask your systems department to ensure that all intended users have their intranet zone security settings appropriately set.

brothercake,

Thanks for the input..I wish it were that simple but as you may know; if you want the job done..you almost always have to do it yourself...

I really want to be able to handle a user clicking cancel on an ActiveX warning dialog...so far the webscripts just error out because they do not know the return of the ActiveX prompt...

Originally posted by KrazyKid
I wish it were that simple but as you may know; if you want the job done..you almost always have to do it yourself...

If you're working for or with a company to build their intranet, they must appreciate that there are technical prerequisites. I cannot imagine any business would refuse to comply with the technical prerequisites of a job they've asked you to do. It doesn't make sense.

If it's just a case of manpower, you could do it yourself - go to each workstation in turn and configure it. Or hire a temp to do it.

I don't understand why this would be a problem.

Yup it can be done by means of SMS or other login scripts so that I don't have to point and click on every client machine..

Throwing the browser settings question aside....

The real question is how to determine from a html embedded script whether or not the user clicked "No" or "Cancel" from an ActiveX security prompt.

I would think that there is some kind of return value from the browser...
!:confused:
Thanks again

There is ... you can trap window-level error messages and fire an event from it, but that doesn't suppress the error message. Complete error suppresion is only possible with JScript, which is, itself, an activeX control.

I think the real question is why you want to do this. I've offered you a practical, real way of doing what you need to do. Why are you so determined to find a way of detecting security settings if what you're working on is for a predictable environment?

Simply put.

if I have pseudo code that does this

call activeXobject
<user gets prompt>
if user presses yes
run unsigned activexcontrol;
else if user presses no
<script errors out because it can't run>
run whatever I want;

I want to suppress the errors and just go to an alternate statement or exit the function.

If that is unclear in anyway I will try to restate the scenario.

Thanks to all that have a solution!

Look. You must appreciate, indeed your first post indicates that you do, the potential for abuse of knowledge about scripting round security issues, even for something as apparently innocuous as a redirect that says "this page doesn't work".

I'm not for a moment suggesting any ill intent on your part, I simply want to know, before I'm prepared to do any research on your behalf, why you would conceivably need to do this. What is the point?

Ok I really do appreciate all of your time and thoughts!

Here goes:
There is a need to change the registry settings for a breif second to print the background colors and images of a website that displays tables and images for pseudo-reporting purposes and then set them back to normal so that there is not wasted printer ink and the user's settings will remain as before the printing...

I have it working using ActiveX and shell commands using alerts telling the user what to do but it only works if the intranet zone settings are set to low...

If the settings are not set to low; I want to be able to trap this and alert them to contact IT.

If the user does click cancel or no during the ActiveX control prompt, I want to eliminate the displaying of the script errors..becuase the script is "fine"

Does that help ease your conscious?

I hope so :)

Thanks again!!!!

I guess so. I think that this is perhaps not the best approach, because it might just be easier to bring the background into the foreground, so to speak, and get it to print that way.

But anyway - javascript alone can't do this. I think there are two ways: the first is to use JScript, but that itself is an unsigned activeX control - unless you get it signed or buy a pre-written and authenticated script to do it. The second is to run the script from an HTA (HTML application) on the client machine, because HTAs ignore security settings. Check out http://msdn.microsoft.com/library/default.asp?url=/workshop/author/hta/overview/htaoverview.asp for info

Glad to hear that you are more at ease.

I do have it working with scripting calls without errors as long as the user accepts the warning and clicks "yes"

I have used HTAs before but this is a server generated asp outputted html formatted page that has been around for years but always a end-user support battle.

I really would love to know how to handle any browser client-side prompts such as this specific ActiveX confirm dialog.

I want to handle the exceptions for the intricacies stated in prior posts.

Thanks, and as always, I am more than open to comments, questions, or suggestions!!

Setting up your own internal signing authority isn't all that difficult (MS Certificate Server, installable with IIS) will allow you to sign your ActiveX controls. Why not do that rather than try to figure out how to silently run unsigned controls?

if you only want to trap ActiveX control error, remove the else part.


<head>
<script language="javascript">
window.onerror=errorHandler;
function errorHandler(reason,page,line) {
if (reason.indexOf("create object")>-1)
alert("You have chosen not to run ActiveX control on this page or Run ActiveX controls is disabled.\nIf you want to run it later, you need to enable ActiveX controls in the Security settings and then refresh this page.");
else
alert('A JavaScript error has occurred on the page:\n '+page+'\n\nOn line #:\n '+line+'\n\nFor the reason:\n '+reason);

return true;
}
</script>
</head>

that will trap the error, but like I said - it won't suppress the error message. Javascript can't do that.

glenngv, Roy Sinclair, and brothercake thank you all for offering input to help solve this problem.

I am going to place the error handling script code into my page to at least know if the user denies running the activeX! Thanks again glenngv!

I am also going to pursue MS Certificates; please feel free to post more info Roy...thanks in advance!

:thumbsup: See this is why I love this forum; lots of experienced people from all disciplines always looking to exand their knowledge base!

Thanks again to all (even the people that didn't post) that took the time to think about or find a solution!

no brothercake, that will suppress the error by putting return true at the end of the function. I my previous post, i just made a custom error msg but the actual javascript error dialog is suppressed. If you want, you can just put return true without your custom error msg. By doing so, all javascript errors will not be displayed, and if there would be an error, the user would not know why your code is not working.

window.onerror=errorHandler;
function errorHandler(reason,page,line) {
return true;
}

Originally posted by brothercake
that will trap the error, but like I said - it won't suppress the error message. Javascript can't do that.

Oh, well then I stand corrected :p Can't say I'm very happy about that. I don't think javascript should provide a mechanism for suppressing error messages