Detecting Current Internet Explorer Security Zone

Question

Is there any method of programmatically determining the current security zone settings for Internet Explorer?

I'd like to know when my site will have the XMLHttpRequest ActiveX control blocked due to IE security policy, but before the site actually tries to create it and thus causes the yellow bar to appear up the top (saying "To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer.")

Thanks.

Answer 1

In IE7, you could use the following JavaScript to get some idea of whether your site is trusted or not:

window.status = "test";
if (window.status == "test")
  alert("Trusted, or local intranet");
else
  alert("Not trusted, or internet");

This is based on the fact that in IE7 and onwards, scripts can no longer set the status bar text through the window.status method in the Internet and Restricted Zones. See the Release Notes for Internet Explorer 7

Answer 2

The security zone doesn't matter, because windows users can determine themselves which protocols are handled by which zone. Eg, I added the entire http and the entire https zone to the trusted sites zone (zone 2). This is done through the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet     Settings\ZoneMap\ProtocolDefaults

You can check for the document.protocol through javascript, but how is this going to help you?

if (document.protocol == "HTTP (HyperText Transfer-Protokoll)")

You assume it's internet zone, but on my computer it's the trusted zone complete with its own individual security settings. It sux that jscript won't allow you to get the individual security setting values for each zone.

It is possible to execute activex objects without that stupid yellow bar, but you need to add the com objects guids to the list of safe com objects. This is done through the registry. Default is unsafe for most objects with the exception of some stupid useless crap objects like flash activex, wmp activex and stuff

Answer 3

I'd like to know when my site will have the XMLHttpRequest ActiveX control blocked due to IE security policy

You can't even if you did know what zone you were in, since you can't read the per-zone settings, and as of IE6SP2 there are more settings that affect ActiveX that aren't configurable on a per-zone basis. (IE7 has even more control-specific settings.)

I know no way to speculatively create an XMLHttpRequest and avoiding the yellow bar, short of only ever using the native 'new XMLHttpRequest()' object, which makes you IE6-incompatible.

Answer 4

Note : I can't delete an accepted answer, but you may find this answer useful .

Original answer:

There's no handle in JavaScript to detect the security zone being used by IE.

In order to do what you need to do, you could check document.location and determine the security zone from that.