Hi,
I wrote a full-screen web app that runs locally to display my video collection via a 10-foot user interface I created with HTML/CSS/JavaScript. It uses Scripting.FileSystemObject to process local files and WScript.Shell to run applications (e.g., video player app).
However, I found it impossible to treat my web app local folder as a Trusted Site to avoid all the prompts.
1. I tried it as an HTA, but I kept running into major glitches with the HTML5/CSS3 support for HTA's when enforcing the latest HTML version and Internet Explorer version (11). So I had to scrap that and go with a web app.
2. I tried enabling "Allow active content to run files on My Computer", but this did not stop ActiveX prompts, and also left me vulnerable to any possible malware apps on my local drive.
3. I tried adding the local web apps folder as a "Trusted Site", but despite posts regarding previous IE versions working with "file:///C:\Users\MediaCenter\WebApps\", "file:///C:/Users/MediaCenter/WebApps/", etc., I had no luck (I was constantly prompted of the incorrect syntax).
4. I considered exposing the "My Computer" security zone based on posts, but this did not seem to work for IE11 and seemed risky without the ability to limit the trust to my web apps folder.
5. So, I ended up posting the primary shell HTML file of my web app to my personal website with a "base" tag referring to my local folder (base href="file://C:/Users/MediaCenter/WebApps/") for the .js scripts, .css files, and images (in addition to my direct access to local data files). Then, I added my personal website to the "Trusted Sites" (with "Initialize and script ActiveX controls not marked as safe for scripting" enabled on top of the default "Medium-Low" security level). This quirky solution works as long as I have an internet connection for my Media PC.
6. I also tried to use the "Trusted Sites" design above with my personal website, but using the HTML file (with a Mark of Web tag to my personal website) in my local web apps folder. This did not work like when the HTML file was accessed directly from my personal website, since it never fully provided full ActiveX access nor even the prompts.
My question is: am I missing something here to be able to implement a clean solution? Ideally I would have like option 3 (instead of my current option 5) if there is a syntax to make it work.
Thanks,
Steve
I wrote a full-screen web app that runs locally to display my video collection via a 10-foot user interface I created with HTML/CSS/JavaScript. It uses Scripting.FileSystemObject to process local files and WScript.Shell to run applications (e.g., video player app).
However, I found it impossible to treat my web app local folder as a Trusted Site to avoid all the prompts.
1. I tried it as an HTA, but I kept running into major glitches with the HTML5/CSS3 support for HTA's when enforcing the latest HTML version and Internet Explorer version (11). So I had to scrap that and go with a web app.
2. I tried enabling "Allow active content to run files on My Computer", but this did not stop ActiveX prompts, and also left me vulnerable to any possible malware apps on my local drive.
3. I tried adding the local web apps folder as a "Trusted Site", but despite posts regarding previous IE versions working with "file:///C:\Users\MediaCenter\WebApps\", "file:///C:/Users/MediaCenter/WebApps/", etc., I had no luck (I was constantly prompted of the incorrect syntax).
4. I considered exposing the "My Computer" security zone based on posts, but this did not seem to work for IE11 and seemed risky without the ability to limit the trust to my web apps folder.
5. So, I ended up posting the primary shell HTML file of my web app to my personal website with a "base" tag referring to my local folder (base href="file://C:/Users/MediaCenter/WebApps/") for the .js scripts, .css files, and images (in addition to my direct access to local data files). Then, I added my personal website to the "Trusted Sites" (with "Initialize and script ActiveX controls not marked as safe for scripting" enabled on top of the default "Medium-Low" security level). This quirky solution works as long as I have an internet connection for my Media PC.
6. I also tried to use the "Trusted Sites" design above with my personal website, but using the HTML file (with a Mark of Web tag to my personal website) in my local web apps folder. This did not work like when the HTML file was accessed directly from my personal website, since it never fully provided full ActiveX access nor even the prompts.
My question is: am I missing something here to be able to implement a clean solution? Ideally I would have like option 3 (instead of my current option 5) if there is a syntax to make it work.
Thanks,
Steve