Avoiding Internet Explorer Security Dialog Boxes
Neither the Windows Media Center session nor the Windows Media Center Extender session prevents Windows Internet Explorer from displaying security dialog boxes. Because these dialog boxes could cause unnecessary concern and are difficult to read on a TV screen, they can create an unpleasant experience for the user.
Windows Media Center now displays three security dialog boxes (rather than displaying the Internet Explorer dialog boxes) for crossing from a secure to an unsecure site, crossing from an unsecure to a secure site, and sending an unsecure text message even when within a secure site. However, if a process is outside of the scope of the hosted MSHTML, an Internet Explorer security dialog box may be displayed.
Your application should avoid situations that cause Internet Explorer to display security dialog boxes, such as the following:
- Serving mixed (secure and unsecure) content in the same Web page
- Using long-running or infinite loops in scripts
- Loading controls that are not marked as safe in locally-served HTML pages
Serving Mixed Content in the Same Web Page
The user will be prompted to consent to visiting a Web page that contains encrypted and non-encrypted data. This often occurs when a Web page is a Secure Sockets Layer (SSL) page used to collect sensitive information, but contains images that are rendered from a non-SSL Web site (HTTP instead of HTTPS). To prevent this from happening, be sure to host the images on the SSL site in addition to the unsecure site, and be certain that no embedded URLs used to render content contain HTTP in the secure Web pages.
Using Long-Running or Infinite Loops in Scripts
If you have a Web page that is executing infinite loops or loops that have a large number of iterations, Internet Explorer has a mechanism to detect this and alert the user, giving them the option to cancel the action. Long-running loops should continue to update the display during script execution, and time out the script if necessary. For more information, see Updating the Display During Lengthy Operations on the MSDN Web site.
Loading ActiveX Controls Not Marked as Safe
If your control does not create a security issue, meaning a malicious user cannot load your control to execute damaging code on another user's computer, you should mark your control as safe for scripting. Your code can use the IObjectSafety interface to designate your ActiveX control as safe for scripting. For more information, see Designing Secure ActiveX Controls on the MSDN Web site.
See Also