Milonic provide full featured pull down web menus for some of the worlds largest companies
click here to see what it can do for you

Download Milonic DHTML Menu
Buy Milonic DHTML Menu

Back To Start Of Archive
Taken From The Forum: Anything Goes
Forum Topic: Click to view post
Last Updated: Saturday July 14 2012 - 06:07:06

JS query (non Milonic related)


Poster: fredlongworthhighschool
Dated: Wednesday October 20 2004 - 9:03:20 BST

I'm trying to create a page that displays the computer name and user's log on name on the screen with a bit of Javascript.

I've got the page to work:

http://www.flhs.wigan.sch.uk/test/test.htm

but have two problems. When running locally I get a message asking if I want to run the ActiveX script.

When I try and run the page from a server I get the error message "A runtime error has occurred, do you wish to debug? Error: Automation server can't create object".

I'm running WinXP SP1 locally, Win server 2003 with IIS on the server.

Does anyone have any ideas?


Poster: kevin3442
Dated: Friday October 22 2004 - 7:43:13 BST

Hi Andy,

It sounds to me like it's a security issue... The code you're using to write the computer name and username :
Code:
document.write("Computer: "+windows.network.computerName);
document.write("User: "+windows.network.userName);

is trying to access the client's Network system through scripting... a huge potential security risk (especially since the WScript() also provides access to the client's Shell and File System... ouch!). The ActiveX control you're trying to use probably isn't marked as a safe script. You could test that by customizing your IE Security settings: set "Initialize and script ActiveX controls not marked as safe" to "prompt" or "enable". Does it work now? If it does, you know the cause, but you're still left with two problems:

(1) This action would, of course, lower the overall ActiveX security setting for IE on that machine, allowing other potentially non-safe controls to run; probably not a good idea to do beyond just testing to see if that's the root of the issue (so set it back to its original setting after the test). A potential workaround might be to add the specific site to the "Trusted Sites" list under the security settings (you'll need https:// instead of http:// to do that). I believe that would "lower" the security settings for just that particular site without compromising security for other sites. Of course, that brings up problem #2...

(2) You can control client-side security settings remotely (or at least you're not supposed to be able to ;) ). So, unless you're working on an Intranet with a known set of clients that you can control, you're hosed.

Hope that helps,

Kevin