none
WPF WebBrowser Control - Allow Blocked Content Setting

    Question

  •  In my WPF app that contains a WebBrowser control I get the following message when I set the Source to a local HTML file (that uses javascript)
    "To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer".

    But when I load the same html file in IE6 I do not get the Allow Blocked Content message like above. The WebBrowser control also didn't show this message till yesterday, the only thing different I did is that I installed the 2 XP updates.

    I installed two updates for XP (KB 950760 and KB 950760) yesterday, could that be related ?? Why is the Webbrowser control not using the same settings that IE use?

    I also have the following settings,

    In Internet Explorer->Tools menu->Options->Internet Options dialog->Advanced tab->Security options.  "Allow active content to run in files on My Computer" check box is enabled.
    and
    Tools menu->Internet Options->Security tab->Internet Web content zone->->Custom Level.
    •   In the Settings box->Scripting section->Active scripting and Scripting of Java applets settings are disabled.

    TIA
    Shilpa



    Friday, July 11, 2008 6:13 PM

All replies

  • When the HTML page is loaded from local machine (local file path), the ActiveX control can be blocked by the Local Machine Lockdown feature.  You should be able to workaround it by adding a mark-of-web (<!-- saved from url=(0014)about:internet -->) at the beginning of your HTML page.
    Thursday, August 14, 2008 1:23 AM
  • I've seen a number of forums which suggest this solution (mark of the web) to this problem (loading a local html file with javascript\activex into the wpf webbrowser).

    I think I'm missing something however, as this solution just causes another issue i.e. the links in the html which point to to other local html files no longer work,  being (I think) treated as remote files.

    Just to be clear, my situation is as follows:

    a) My wpf app has a web browser to host contest sensitive help
    b) Help for my app is deployed locally as a number of html files which link to each other.
    c) The help tool which generates the help html inserts some javascript for formatting/expanding sections etc

    Obviously I would like the "blocked content" banner not to appear every time the app opens, as that looks amateurish, but would also like the links between files to still function. To me this seems like a fairly reasonable proposition, and a not uncommon use case.

    Is there perhaps someting I can do with the html links to keep the mark of the web but allow the links to function?

    Suggestions would be greatly appreciated.

    Dan
    Wednesday, December 10, 2008 11:47 AM
  • Hi,

    Have you got the solution? I am getting same alert message in my browser control placed on wpf window.

    Thanks
    Tuesday, June 09, 2009 6:08 AM
  • I have the exact same problem as Dan did. I don't want the banner to appear but at the same time, I want to preserve the links to external files. If I use the mark-of-web, every time I tried to access an external file using JavaScript, I got the error message "Access is denied." It's amazing that after 10 months, there haven't been any solutions to this problem. What I have done to work around is to embed all the external resources to one single html file and then navigate to stream. However, this solution is not pretty and is the least I want to use.

    Tung.

    Monday, April 19, 2010 7:28 PM
  • For anyone still experiencing this problem there is another potential solution here

    <quote>

    To load the documents, we just set browser.Source to be the following:

    file://127.0.0.1/c$/path/to/the/file (where the path is an absolute path without C:\, for example, c$/Users/jschuster/mydocument.html)

    For whatever reason, the control will display files referenced by a URL in that format without a warning.

    </quote>

    Monday, July 12, 2010 3:44 PM
  • For anyone still experiencing this problem there is another potential solution here

    <quote>

    To load the documents, we just set browser.Source to be the following:

    file://127.0.0.1/c$/path/to/the/file (where the path is an absolute path without C:\, for example, c$/Users/jschuster/mydocument.html)

    For whatever reason, the control will display files referenced by a URL in that format without a warning.

    </quote>

    Did Jack Diddly Squat for me.
    Wednesday, August 04, 2010 12:26 AM
  • Use <!-- saved from url=(0016)http://localhost -->

     


    Friday, May 06, 2011 7:11 AM
  • old thread but localhost mtw above just makes it display the do you want to run activex?

    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://jefferycarlsonblog.blogspot.com/


    • Edited by The Thinker Wednesday, May 16, 2012 2:01 PM
    Wednesday, May 16, 2012 2:01 PM
  • i figured out to disable the messages for unsafe code which it calls activex com objects put mark of web for localhost such as this:

    <!-- saved from url=(0016)http://localhost -->

    then set the initialize and script activex controls not marked safe for scripting in intranet zone in ie's settings to enable to prevent the unsafe message from appearing after getting rid of allow blocked content setting.


    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://jefferycarlsonblog.blogspot.com/

    • Proposed as answer by The Thinker Wednesday, May 16, 2012 3:37 PM
    Wednesday, May 16, 2012 3:37 PM
  • I just happened to do the following:

    I found a site explaining WPF security: WPF Security

    and on the bottom it reads about the LOCAL_MACHINE_LOCKDOWN feature of Internet Explorer.
    I added an entry to the registry containing the name of my program (e.g. wpfapp.exe) as DWORD and set the value to 0 (zero) -> no more yellow information bar!!

    • Proposed as answer by koenig1985 Thursday, November 29, 2012 10:29 AM
    Thursday, November 29, 2012 10:28 AM
  • Sounds like you found a another answer to same problem. Nice!

    Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. - "Sherlock holmes" "speak softly and carry a big stick" - theodore roosevelt. Fear leads to anger, anger leads to hate, hate leads to suffering - Yoda. Blog - http://www.computerprofessions.co.nr

    Thursday, November 29, 2012 12:58 PM
  • I found out today, that you can also use \\127.0.0.1\C$\... to avoid the "allow blocked content" ribbon.
    At least it worked for me...

    Tuesday, January 29, 2013 3:28 PM
  • Try to use this in your page

    <head>

    <meta http-equiv="X-UA-Compatible" content="IE=9" > 

    </head>


    Monday, July 01, 2013 4:24 PM