The mark of the web.

Posted in Development by MB on 12/09/07

This is a handy little item:
http://msdn2.microsoft.com/en-us/library/ms537628.aspx 

The “Mark of the web” is a specially formatted html comment which resides at the top of an HTML document, just below the DOCTYPE declaration.

It might look like this: 

<!-- saved from url=(0023)http://www.contoso.com/ -->

The "Mark of Zorro the web” tells Internet Explorer 7 (and IE 6 under XP SP2) that the web page you’re looking at is from the internet (and it’s here to help!) and it should use internet-appropriate security settings.

Typically this  mark is applied by IE when you save an HTML document from a web site to your local hard drive.

However, you can take advantage of this mark for your own needs, by adding a generic mark like the following (beneath the DOCTYPE, and before the opening HTML tag):

<!-- saved from url=(0014)about:internet -->

Now why might you want to do this?

Newer versions of Internet Explorer on Windows have a “heightened” security model which prevents local HTML files from doing anything “active” like run a JavaScript (or VBScript) or run content powered by an ActiveX plugin (like Flash or Quicktime). 

If you have ever tried to test some JavaScript in IE running from a web page saved to your desktop, you have seen the infamous “information bar” which helpfully tells you that “active content” has been blocked, but you can allow it here, by clicking this button, turning this crank, supplying the password, and defeating the ogre at the end of level three.

Of course if your test page links to second local page…you have to go through the information bar a second time.

 The mark of the web allows a local HTML document to pretend like it has been loaded from the internet security zone, and will then allow you to run JavaScripts, Flash, Applets, and the like.

If you publish HTML documents which need to be read from a CD, from your hard drive (like help files, a catalog, or documentation) this will come in handy.

The Mark of the Web will not let you access a second page via an AJAX type request* - so while it’s helpful, it’s not a cure-all.

I discovered this little tidbit at work when I was trying to put together some HTML software prototypes that could be run on an analyst’s laptop (without having to run IIS or some such silliness). 

*In my tests with a Prototype Ajax.Updater object the request failed silently. Iframes should work ok, provided the document loaded in the iframe has the MOTW too, but I haven’t tested it.

« Previous | Next »

Leave a comment.
Trackback.