views:

246

answers:

2

When the user visits a page that contains a signed ActiveX control that has never been seen before, I'd expect IE to ask the user for permission to install the control. But sometimes IE puts up a security warning instead.

For example, consider this site, which has a test control: http://www.pcpitstop.com/testax.asp

I'd expect to get this message -- and sometimes, I do:

"The website wants to run the following add-on: 'XXX' from 'YYY'. If you trust the the website and the add-on and want to allow it to run, click here..."

But under IE8 on XP, I usually get this instead:

"To help protect your security, Internet Explorer has restricted this site from showing certain content. Click here for options..."

What's going on? Any ideas?

Thanks!

+1  A: 

ActiveX objects can execute code, so there is a security concern, so IE by default disables scripts that has ActiveX objects and warns the user

Mahesh Velaga
I understand why it has to ask the user, but why does it give the "The website wants to run the following add-on" message most of the time, but the "restricted this site from showing certain content" some times? What triggers the block instead of the warning?
Geoff
Addon is different from content with ActiveX objects thats why it gives 2 different messages, one to block the addon and one to disable the ActiveX (by default, thats why asks you to click the options)
Mahesh Velaga
A: 

"The website wants to run the following add-on: 'XXX' from 'YYY'. If you trust the the website and the add-on and want to allow it to run, click here..."

This is so called ActiveX Opt-In or Per-site ActiveX. It happens when control is already installed but was not used for the current website. If your AX control was installed from another site or within another control from the same OCX - you will get this message.

As for IE8 + WinXP: looks like security level for Internet Zone is too high. Try default settings and make sure your CAB is signed properly. Unsigned controls are off be default.

Eugene