How to detect trusted site in IE?

Question

Is it possible to determine whether my web site is being accessed as a trusted site? In another question we determined that, in general, it is not prudent to have visibility to client IE settings. Would this qualify as an exception?

The reason I'd like to do this is that some functions won't work unless the site is being accessed as a trusted site (e.g. client-side sendmail -- don't ask), and I'd like to be able to warn users. Despite many warnings in the pages, many users still don't read, and send us nastygrams. We'd like to reduce the email volume by detecting this condition and flashing a big warning that basically says "You didn't read the warnings, and what you're trying to do won't work until you change your settings!" Any ideas are welcome.

EDIT: In our shop, client-side sendmail only works if the site is trusted, and I can't change that due to security requirements, nor can I switch to server-side sendmail. However, this is not the only reason that client-side sendmail will fail, so I can't simply catch a sendmail error to determine this. Also, I don't want this to degrade to a sendmail discussion.

Answer 1

Hi Ken, from my understanding this is not possible but you may have some luck testing for a more specific condition, such as the availability of the specific technology or technologies you need. What type of requirements does your client code place on the browser (ActiveX, Java, scripting etc)? Knowing that will be a very good start toward figuring out how to test the client browser for the environment required by your client code.

Answer 2

Here's a test you could use:

function isTrustedIE(){
    try{
        var test=new ActiveXObject("Scripting.FileSystemObject");
    }
    catch(e){
        return false;
    }

    return true;
}

This will, of course, fail if the user has disabled that particular object, even on a trusted site.

Answer 3

You can ask for the username of the currently logged on user, if you get it you will know the site is in the "Trusted Sites" or "Local Intranet" zones.

Answer 4

Probably, a good way to deal with this, while still supporting unusual combinations, is to test whether or not a specific behavior was successful.

For example, if you need to do

a.innerHTML = "abc";

then you could check whether or not the innerHTML was changed. Unfortunately, I can not assure you that all features are detectable. Also, try...catch statements may be very useful.