Updated April 26th 2007
An alternative solution to this problem is my FlashReplace library.
Although news of this has been around for a while, many people seem to have missed it and/or didn’t think it was worth reading up on. On the contrary, the implications of this are huge and will most likely affect a lot of web sites. Due to the patent case with Eolas, Microsoft has been forced to update how ActiveX components behave in web pages.
This dreaded update, named Microsoft Security Advisory (912945), has been available for a couple of months, but on April 11 it will be forced out en masse through Windows Update so we have a few days till all hell breaks loose. If you want to test your web pages before that, you can download the patch and install it right now.
The gist of the patch is that no interaction with ActiveX elements will be initially allowed until the user has enabled the ActiveX by clicking it or tabbing to it and then pressing
enter. When hovering the ActiveX element the user is presented with a tool tip text that reads:
Click to activate and use this control
Naturally, no one wants your Flash movies, videos and the likes to be presented to the end user like that. “Luckily”, there’s a fix for it, which I guess is because of some kind of glitch in the patent. If you create the ActiveX object, in most cases this means an
object tag, through script, then you will bypass this security warning.
There’s an article on MSDN, Activating ActiveX Controls, which describes different techniques doing this. Noteworthy is that it won’t work with inline scripts in the web page, only external ones.
Updated April 6th
Tools > Internet Options > Advanced, under Browsing.
What I think of this
I don’t know any deeper details of the patent case, but I think the whole idea of this sounds ridiculous. My general opinions/fears are:
- Using Flash or video in your web pages shouldn’t, in my opinion, be dependant on if script is available/enabled.
- I’ve done some testing and ran into problems in IE when adding
paramelements to an
objectusing DOM methods. Instead, writing out the same HTML code by using the
innerHTMLproperty worked… 😐
- With this, XHTML web pages served as
application/xhtml+xmlwill probably never see the light of day, since a lot of web pages will now depend on code like
innerHTMLdoes indeed work in Firefox when the XHTML code is served as
- What happens if/when Microsoft manages to appeal this decision and win in court? Should we all then change the code again?
If this sounds like too much to you and you want a library/tool to do all this for you when it comes to using Flash, you can take a look at FlashObject (although unfortunately it relies on
innerHTML to render the content).
How to uninstall the update
As life on the web goes, many web developers won’t be aware of this, which will result in that you, as an end user, will have to allow every ActiveX movie you see. The solution to this is to uninstall the patch (thanks to City Of Rain for the heads up.):
- Go to the Control Panel
- Choose Add or Remove Programs
- Check the Show Updates box
- Find Update for Windows XP (KB912945) and choose Remove
So, whatever you do, please read up on this. It will affect you, as a web developer, end user or when supporting your grandfather’s computer usage…