Is there any method of programmatically determining the current security zone settings for Internet Explorer?
I'd like to know when my site will have the XMLHttpRequest ActiveX control blocked due to IE security policy, but before the site actually tries to create it and thus causes the yellow bar to appear up the top (saying "To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer.")
Thanks.
There's no handle in JavaScript to detect the security zone being used by IE.
In order to do what you need to do, you could check document.location and determine the security zone from that.
I'd like to know when my site will have the XMLHttpRequest ActiveX control blocked due to IE security policy
You can't even if you did know what zone you were in, since you can't read the per-zone settings, and as of IE6SP2 there are more settings that affect ActiveX that aren't configurable on a per-zone basis. (IE7 has even more control-specific settings.)
I know no way to speculatively create an XMLHttpRequest and avoiding the yellow bar, short of only ever using the native ‘new XMLHttpRequest()’ object, which makes you IE6-incompatible.
The security zone doesn't matter, because windows users can determine themselves which protocols are handled by which zone. E.g., I added the entire http and the entire https zone to the trusted sites zone (zone 2). This is done through the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
You can check for the document.protocol through javascript, but how is this going to help you?
if (document.protocol == "HTTP (HyperText Transfer-Protokoll)")
You assume it's internet zone, but on my computer it's the trusted zone complete with its own individual security settings. It sux that jscript won't allow you to get the individual security setting values for each zone.
It is possible to execute activex objects without that stupid yellow bar, but you need to add the com objects guids to the list of safe com objects. This is done through the registry. Default is unsafe for most objects with the exception of some stupid useless crap objects like flash activex, wmp activex and stuff