Scripting.Filesystemobject filemove, writefile not working from javascript in IE browser (workarounds, doc?)_问答_开发者

Scripting.Filesystemobject filemove, writefile not working from javascript in IE browser (workarounds, doc?)

开发者 https://www.devze.com 2022-12-17 23:05 出处：网络

I know it\'s a huge security hole to use Scripting.Filesystemobject from javascript in the browser.I heard a rumor that MS is locking down this hole in the latest version of Office.This would be bad n

I know it's a huge security hole to use Scripting.Filesystemobject from javascript in the browser. I heard a rumor that MS is locking down this hole in the latest version of Office. This would be bad news for the enterprise web app I am working on, which has a few critical functions which depend on access to Scripting.Filesystem object, like writing out xml files or moving audio files.

I have tried but failed to find any 'hard' documentation on this, and while my local dev box exhibits this behavior, others' machines here (which do not have latest version of anything except IE) do not exhibit the behavior. If anyone can point me towa开发者_StackOverflowrds documentation confirming this - and or a workaround that does not involve creating an activeX control - I would be very grateful.

Thank you!

This article kb240797 discusses IE kill bits. In the registry you will find this key:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

Under which you will find a set of CLSIDs (the CLSID for FileSystemObject is: {0D43FE01-F093-11CF-8940-00A0C9054228}). If the "Compatibility Flags" value has the bit 1024 (0x400) on (the kill bit) the activex component is blocked.

I've also heard that MS have or are planning to kill FileSystemObject but I haven't seen this officially and it isn't true on my current system. However it could be that they may internaly block it such a way that even fiddling with the kill bit won't help.

I don't know if this helps, but I've heard nothing along the lines of FileSystemObject being deprecated. I'd love to see your sources for this. Another thing to note is that the last "major" ActiveX control to be deprecated for being a security risk was CAPICOM, but this was announced with the release of Vista and finally removed in Windows 7. The documentation was also changed to reflect this deprecation and suggest alternatives well in advance.

Many (MANY!) shell scripts rely on FileSystemObject for file operations, so I find it hard to believe it would be deprecated without an alternative being provided. If it makes a difference, FileSystemObject is still accessible from Windows Desktop Gadgets which run on the IE engine.

You wouldn't, shouldn't ever access the users files system through a browser, for legit or illegit reasons.

The very, very best case example of accessing local storage is done through systems like Google Gears, and even those systems are often argued against by web/thin client purists.