How to make your website work with
Microsoft® Windows® XP with Service Pack 2 (SP2)
This article
covers the following topics.
o
Does your website use Microsoft ActiveX® controls?
o
Does your website allow users to download files?
o
Does your site use pop-up windows?
o
Does your website depend on the Microsoft Java Virtual Machine (MSJVM)?
o
Window Restrictions
o
Does your website use HTML dialogs?
o
General Tips
Does your website use Microsoft ActiveX® controls?
- A website navigated to a page that attempted to instantiate an
ActiveX control.
- The navigation would have resulted in an ActiveX installation
prompt.
- A qualified previous version of the ActiveX control is not already
installed on the system. An existing ActiveX control is considered qualified
if the following points are true:
-
The globally unique identifier (GUID) of the updated control is the
same as the GUID of the existing control.
-
Both the updated control and the installed control are Microsoft
Authenticode® signed, with a certificate provided by the same issuer and
issued to the same subject.
A: Make sure
that all controls distributed through your website are signed and have
up-to-date signatures. These signatures must be on the .cab files as well as the
.dll files. If these are not signed with valid signatures, Internet Explorer
will block them from installing.
A: The
recommended solution is to place a span within object tags detailing that the
page could not load. If your site does not do this, the user will be moved to
the new page after the Information Bar blocks your control, and will not be
given a chance to install the control.
A: Update
these images to reflect the new Authenticode user interface (UI) to prevent user
confusion.
General ActiveX Don’ts
Don’t tell
users to lower their security settings when ActiveX controls are not
instantiated.
Does your website allow users to download files?
A: File
downloads are blocked in the following cases:
- a website
attempted to navigate to a resource
- the
navigation would have resulted in a file download dialog box being displayed
- the user
did not initiate navigation with a mouse click or key press
To correct
this, make all downloads the result of a user-initiated action.
A: You should
correct all of these mismatches. Both the Content-Type and the file extension
must match the type of the file for a download prompt to appear. Be sure this is
true for your Web pages as well. If the Content-Type is plain/text then they
will not render as HTML.
A: Update
these images to reflect the new Download dialog UI to prevent user confusion.
Does your site use pop-up windows?
A: This method
has been restricted to allow only one pop-up window per page.
Internet
Explorer will attempt to block any window opened automatically from:
- a script,
with the exception of createPopup()
- modal and
modeless dialogs
- DHTML
elements overlapping content on the page.
A pop-up
window that opens as a direct result of a user action (e.g., clicking a page
element) will not be blocked.
Function calls
that return a window object will return null if the window is blocked. Always
check the value of window.open to avoid script errors when pop-ups are blocked.
A: These
pop-up windows will be blocked by the pop-up blocker. There is no workaround.
- Don’t
redirect on pop-up window failure.
- Don’t use
the setTimeOut() method within a click event because the pop-up window will
not be launched.
- Don’t
close pop-up windows automatically if a pop-up window, download, or ActiveX
control gets blocked. If you do, the user will not be able to click on the
Information Bar and accept the pop-up window, download, or ActiveX control.
Does your website depend on the Microsoft Java Virtual
Machine (MSJVM)?
See
“Transitioning from the Microsoft Java Virtual Machine” on the Microsoft website
at
http://go.microsoft.com/fwlink/?LinkId=21850.
Window Restrictions
Q: Does your website position windows so that the title
bar or address bar is above the visible top of the display or the status bar is
below the visible bottom of the display?
A: Review your
code to ensure you understand the restrictions now in place for script-initiated
windows using the window.open() or window.createPopup() methods. The script will
call the same methods for the creation of an Internet Explorer window with
chrome (using the window.open() method) or an Internet Explorer chromeless
pop-up window (using the window.createPopup() method). However, the design might
need to be reviewed to ensure that pop-up windows are appropriately visible to
the user and that the status bar contains accurate information.
The following
are guidelines for working with script-initiated window calls in a process
running the Windows Restrictions Security feature.
For windows
opened using window.open:
- Expect
the status bar to be present, and code for it. The status bar will be on by
default and is 20-25 pixels in height.
- Adjust
your window’s size and content so it will fit well visually with the
window’s overall size. The window will not cover the taskbar, so it may lose
40 pixels if the status bar is on and the taskbar is not accounted for.
Vertically size the window no more than 30 pixels outside the taskbar.
- Do not
open windows off-screen—they will be moved by the smallest offset of x- and
y-coordinates that allows the window to fully display on-screen. There are
alternatives to opening a window off-screen or in full-screen mode that work
with these restrictions and still provide the desired user experience. These
options differ based on the processing that is taking place, and must be
explored on a case-by-case basis.
- As
before, the display of the window will be affected by the display theme,
font size, and resolution, so you may also need to account for these UI
influences when you are designing your windows.
For windows
opened using window.createPopup:
- Adjust
the window’s size and content so it will look fit well visually with the
window’s overall size. With this new feature, the window will not cover its
parent window’s title bar or status bar, so it may lose 40 pixels if the
title and status bars are not accounted for. Vertically size the window no
larger than the parent’s WebOC.
- Do not
open windows off-screen—they will be moved by the smallest offset of x- and
y-coordinates that allows the window to fully display on-screen. There are
alternatives to opening a window off-screen or in full-screen mode that work
with these restrictions and still provide the desired user experience. These
options differ based on the processing that is taking place, and must be
explored on a case-by-case basis.
- As
before, the display of the window will be affected by the display theme,
font size, and resolution, so you may also need to account for these UI
influences when you are designing your windows.
A window
opened with the window.open() method as a direct result of a user action (e.g.,
clicking a page element) and not automatically through a script can still be
configured to run in full-screen mode or without a status bar.
Does your website use HTML dialogs?
A: This is not
recommended behavior; the Information Bar will not be shown when these are
blocked and the user will have no way to allow them. The suggested workaround is
to initiate these behaviors from an Internet Explorer window.
General Tips
Exception: This change does not affect cases where a
“content-disposition=attachment” header is sent. In those cases, the file name
or extension suggested by the server is considered final and is not changed
based on Multipurpose Internet Mail Extensions (MIME) sniffing.