Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

how to prevent IE to run javascript in txt file

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 07-25-2008
serene
 

Posts: n/a
how to prevent IE to run javascript in txt file
I'm using tomcat 5.0 and IE 6.0.3790.1830.

I created a file test.txt with content:
<script>alert('test_attachment')</script>

I put test.txt under directory "C:\Program Files\Apache Software
Foundation\Tomcat 5.0\webapps\ROOT", then access this file from IE using url:
http://localhost:8080/test.txt, I can see the dialog of 'test_attachment'.

so IE is executing the javascript, instead of using a default txt editor
such as notepad to open test.txt.

But if I use firefox, firefox will display test.txt content, instead of
running the javascript.

For IE, is this as designed? or is there any workaround to let IE display
test.txt content instead of running the javascript?

Thank you!

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-25-2008
Robert Aldwinckle
 

Posts: n/a
Re: how to prevent IE to run javascript in txt file
"serene" <serene@discussions.microsoft.com> wrote in message
news:7B4B900C-0893-4C9A-862D-08A58240C90B@microsoft.com...
> I'm using tomcat 5.0 and IE 6.0.3790.1830.
>
> I created a file test.txt with content:
> <script>alert('test_attachment')</script>
>
> I put test.txt under directory "C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\webapps\ROOT", then access this file from IE using url:
> http://localhost:8080/test.txt, I can see the dialog of 'test_attachment'.
>
> so IE is executing the javascript, instead of using a default txt editor
> such as notepad to open test.txt.
>
> But if I use firefox, firefox will display test.txt content, instead of
> running the javascript.
>


> For IE, is this as designed? or is there any workaround to let IE display
> test.txt content instead of running the javascript?



By default IE does MIME sniffing and ignores the file extension.
So, to see whether IE should be doing that you would have to consider
the Content-type the file is being sent under plus the fact that this
probably looks like HTML when it is scanned.

You could try using the Custom Level Security setting which forces IE
to respect the file extension.


>
> Thank you!



Good luck

Robert Aldwinckle
---


Reply With Quote
  #3 (permalink)  
Old 07-27-2008
Frank Saunders MS-MVP IE,OE/WM
 

Posts: n/a
Re: how to prevent IE to run javascript in txt file
"serene" <serene@discussions.microsoft.com> wrote in message
news:7B4B900C-0893-4C9A-862D-08A58240C90B@microsoft.com...
> I'm using tomcat 5.0 and IE 6.0.3790.1830.
>
> I created a file test.txt with content:
> <script>alert('test_attachment')</script>
>
> I put test.txt under directory "C:\Program Files\Apache Software
> Foundation\Tomcat 5.0\webapps\ROOT", then access this file from IE using
> url:
> http://localhost:8080/test.txt, I can see the dialog of 'test_attachment'.
>
> so IE is executing the javascript, instead of using a default txt editor
> such as notepad to open test.txt.
>
> But if I use firefox, firefox will display test.txt content, instead of
> running the javascript.
>
> For IE, is this as designed? or is there any workaround to let IE display
> test.txt content instead of running the javascript?
>
> Thank you!
>


You may be a victim of Local Machine Lockdown
Local Machine Lockdown
http://www.winxptutor.com/lmzunlock.htm
and
http://www.microsoft.com/technet/pro...on129121120120

or you may need the Mark of the Web:
Mark of the Web:
http://msdn.microsoft.com/library/de...rview/motw.asp
or Rename the page from page.HTM to page.HTA
http://www.microsoft.com/technet/pro...rows.mspx#EIAA

--
Frank Saunders MS-MVP IE,OE/WM
Do not reply with email

Reply With Quote
  #4 (permalink)  
Old 07-28-2008
serene
 

Posts: n/a
Re: how to prevent IE to run javascript in txt file
Hi, Robert

Thank you very much for the explaination. It works

"Robert Aldwinckle" wrote:

> "serene" <serene@discussions.microsoft.com> wrote in message
> news:7B4B900C-0893-4C9A-862D-08A58240C90B@microsoft.com...
> > I'm using tomcat 5.0 and IE 6.0.3790.1830.
> >
> > I created a file test.txt with content:
> > <script>alert('test_attachment')</script>
> >
> > I put test.txt under directory "C:\Program Files\Apache Software
> > Foundation\Tomcat 5.0\webapps\ROOT", then access this file from IE using url:
> > http://localhost:8080/test.txt, I can see the dialog of 'test_attachment'.
> >
> > so IE is executing the javascript, instead of using a default txt editor
> > such as notepad to open test.txt.
> >
> > But if I use firefox, firefox will display test.txt content, instead of
> > running the javascript.
> >

>
> > For IE, is this as designed? or is there any workaround to let IE display
> > test.txt content instead of running the javascript?

>
>
> By default IE does MIME sniffing and ignores the file extension.
> So, to see whether IE should be doing that you would have to consider
> the Content-type the file is being sent under plus the fact that this
> probably looks like HTML when it is scanned.
>
> You could try using the Custom Level Security setting which forces IE
> to respect the file extension.
>
>
> >
> > Thank you!

>
>
> Good luck
>
> Robert Aldwinckle
> ---
>
>
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to prevent Defender from rolling back Hosts file change? JohnDavid microsoft.public.windows.vista.security 2 03-03-2008 02:33
Javascript Vivienne microsoft.public.windows.vista.performance maintenance 1 11-20-2007 11:55
How do I prevent ..... Mike microsoft.public.windows.vista.mail 1 11-20-2007 02:09
Renaming Files: Can I Prevent Explorer From Moving to Where the Renamed File Is? J. Danniel microsoft.public.windows.vista.file management 2 06-02-2007 15:06
javascript =?Utf-8?B?bWFyaW5l?= microsoft.public.windows.vista.music pictures video 1 04-04-2007 21:08




All times are GMT +1. The time now is 19:54.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120