Thursday, December 07, 2006

CSS: Block IE 'active content' bar

I don't know what implications this has, the IE 'warning active content' bar pops up on safe CSS using ActiveX, but the message may be coming up legitimately.

Problem: I wanted to have a fancy gradient in the background of a button for IE users only. I found css code supposedly uses activeX to achieve this.
CSS code:
.btn { filter:progid:DXImageTransform.Microsoft.Gradient(
GradientType=0,StartColorStr='#ffD3D7E0',EndColorStr='#ff8C939B');}


But when I view the HTML page on my local computer I see:
"To help protect you security, Internet Explorer has restricted this file from showing active content that could access your computer"

Solution: I found a forum that said when you deploy it to HTTP this message goes away. Another alternative is to include the following code.

<!-- Start Information Bar Blocking Code -->
<!-- saved from url=(0027)http://www.blockingspoof.com/dumbie.html -->
<!-- End Information Bar Blocking Code -->


However I noticed that while the IE-Bar goes away, I don't think it addresses this issue: (an IE security flaw which I also found) which leads me to think the IE Bar is legitimately popping up (because of insecure code).
see: http://osvdb.org/27109

No comments: