tags:

views:

48

answers:

1
+1  Q: 

file:// urls and Internet Explorer

I have an intranet application, which for many years has made use of the file:// syntax for urls to link to resources on (hopefully) network shares. I know that uploading instead of linking, and perhaps using webDAV would be a better solution, but that is currently outside of the scope of my problem.

Until very recently, accessing a file:// link from a page worked fine. However, recently it has stopped working. I can finds references to mozilla preventing file:// links from working when accessed from an http:// or https:// page, but I cannot find any reference to Internet Explorer implementing the same behaviour. I am assuming a windows update has done this, because even IE6 has started to exhibit this behaviour, and I know for sure that IE6 and IE7 have been working fine. Unfortunately I cannot be sure exactly when it stopped working.

Someone else must have come across this and can give me a definitive answer as to whether this potential security hole has been 'fixed'.

ALl info greatly appreciated

+1  A: 

Try adding your site to "Trusted sites", as explained here:

http://windowsxp.mvps.org/ie/elevlocalfile.htm

The issue is a new security feature in Internet Explore 6 Service Pack 1. In order to prevent Internet vicious codes from accessing your local files, the development team developed the new security feature and included it in IE6 SP1. Please be advised that this is a normal behavior. Actually, IE6 SP1 includes new security code checks that prevent "zone elevation". This means that documents located in the "Internet" zone will not be granted access (through HREFs, scripting...etc) to documents in the "My Computer" zone

...

In Windows XP Service Pack 2, no site from any Zone can open files in local machine zone, whereas in pre-SP2, only Internet Zone sites were restricted to open local files, while Trusted/Intranet can.

PMN  2009-11-25 12:21:54
Very useful info. ThanksFurther testing has shown that IE6 won't obey any of the Intranet/Internet zones rules, and refuses all file:// links unless you use one the registry hacks mentions in the mvps post, above. IE8 doesn't care about the zones. IE7 testing in progress.
Greg Woods  2009-11-25 17:25:46
I can also confirm that at east of the problem is due to user error. Some links that I thought were valid actually weren't. I was expecting a 'Not found' popup, but this doesn't appear in IE6. The only surefire way to tell if a link is valid is to Right-click, Save Target As. No save dialog means a broken link.
Greg Woods  2009-11-25 17:28:08

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?