I've just installed this update, which includes several new security features. One of these checks Javascript, and will present an alert if there is any 'suspicious' code.That's OK, except that legitimate actions like creating a new window in response to a user click are treated as being 'iffy' for local (on disk) pages, whereas the same page on a server works fine. Further, even if you turn off the pop-up blocker via the Tools menu, the alert is still shown! Code for copying text to the clipboard is also considered suspect, and there may well be other cases.
This must be a bug, and I have reported the matter to Microsoft. The concern for users here is that if your application contains Javascript - as many do I expect - then your XP Pro SP2 end users may be confused and rather annoyed. Unfortunately there is no work-around that I know of - we will just have to wait for MS to sort it out.
----------------------------------------------------
I've since done some further investigation, and it seems that practically any Javascript is treated as 'Active Content'. It is possible to disable the security check for this, but that would enable things like ActiveX controls to run, which really can be dangerous. Thus MS appear to have classified Javascript in the same league, even though this cannot directly affect files except via cookies.
I now believe that this is a serious matter that Sunil should investigate, and take up with Microsoft.
(Edited by rprosser at 6:54 pm on Sep. 15, 2004)
