IE7 Access Denied - Local Filesystem

FCKXml.prototype.LoadUrl = function( urlToCall, asyncFunctionPointer )
{
   var oFCKXml = this ;

   var bAsync = ( typeof(asyncFunctionPointer) == 'function' ) ;

   var oXmlHttp = this.GetHttpRequest() ;

   oXmlHttp.open( "GET", urlToCall, bAsync ) ;   // offending line

   if ( bAsync )

http://hoenes.blogspot.com/2007/04/fckeditor-running-on-desktop.html

<html>
<head>
    <script type="text/javascript" src="fckeditor/fckeditor.js"></script>
</head>
<body>
    <script type="text/javascript">
        var sBasePath = 'fckeditor/'

        var oFCKeditor = new FCKeditor( 'FCKeditor1' ) ;
        oFCKeditor.BasePath   = sBasePath;
        oFCKeditor.Height   = '100%';
        oFCKeditor.Width    = '100%';
        oFCKeditor.Value   = 'This is some <strong>sample text<\/strong>. You are using <a href="http://www.fckeditor.net/">FCKeditor<\/a> in a <b>WinForms</b> application.' ;
        oFCKeditor.Create() ;
    </script>
</body>
</html>

FCKTools.CreateXmlObject = function( object )
{
   var aObjs ;

   switch ( object )
   {
      case 'XmlHttp' :
         // Try the native XMLHttpRequest introduced with IE7.
         try { return new XMLHttpRequest() ; } catch (e) {}   // bad for use on local filesystem

         aObjs = [ 'MSXML2.XmlHttp', 'Microsoft.XmlHttp' ] ;  // use this instead for local filesystem
         break ;

      case 'DOMDocument' :
         aObjs = [ 'MSXML2.DOMDocument', 'Microsoft.XmlDom' ] ;
         break ;
   }

   for ( var i = 0 ; i < 2 ; i++ )
   {
      try { return new ActiveXObject( aObjs[i] ) ; }
      catch (e)
      {}
   }

   if ( FCKLang.NoActiveX )
   {
      alert( FCKLang.NoActiveX ) ;
      FCKLang.NoActiveX = null ;
   }
   return null ;
}

Thu, 11/20/2008 - 17:25

duncan

Joined: 07/09/2007

Posts: 5

Re: IE7 Access Denied - Local Filesystem

We've just found this problem too - but on a hosted webpage.
A customer has a very locked down IT system and have recently changed their policy regards 'new ActiveXObject' javascript method call.
Their new security policy is being rolled out gradually across their organisation.
Individual PCs have reported FCKEditor working one day and not working the next, there is space reserved on the form for FCKEditor, but it never appears.
This was first reported about a month ago, but so many people are now affected that the whole organisation is contemplating stopping using our web application.
Obviously this is now the No 1 priority item on my development list !!!!

Their security change is as follows:
They used to prevent the browser from executing the method - we tweaked FCKEditor to catch the exception and do something sensible.
Now they scan the js file and prevent the file from being cached - it is downloaded, then discarded by the client.

Hence, any javascript file with 'new ActiveXObject' in it is unavailable to the client.

I'm in the process of moving the offending 'new ActiveXObject' code into a separate js file so FCKEditor can continue operating when the offending file is blocked.