Fine-Tune Your Web Site for Windows XP Service Pack 2

Microsoft Corporation

July 2004

Applies to:
   Microsoft Active X controls
   Microsoft Internet Explorer
   Microsoft Outlook Express
   Microsoft Windows XP Service Pack 2 (SP2)

Summary: Make your Web site work well with the new security features in Windows XP SP2 that affect ActiveX controls, file downloads, pop-up windows, and more. (7 printed pages)

Does Your Web Site Use Microsoft ActiveX Controls?
Does Your Web Site Allow Users to Download Files?
Does Your Web Site Use Pop-up Windows?
Does Your Web Site Depend on the Microsoft Java Virtual Machine (MSJVM)?
Browser Window Restrictions
General Tips

In Windows XP Service Pack 2 (SP2), the modal installation prompt for ActiveX controls will be initially suppressed using the Information Bar. An exception is made for upgrades to controls that have already been installed on the computer, providing that they meet the following criteria:

• The file registered as the ActiveX control must be signed with Authenticode technology. (This file is referenced from HKEY_CLASSES_ROOT\CLSID\{control_clsid}\InProcServer32, where control_clsid is the CLSID specified by the OBJECT tag.)
• The publisher name in the digital signature of the new control matches the publisher name in the digital signature of the existing control.
• If the ActiveX control is packaged in a CAB file, the CAB file must be signed. The DLL or OCX to be installed should also be signed in order for subsequent upgrades to bypass the Information Bar.

If the Information Bar suppresses an ActiveX control and the control takes up area on the page, Internet Explorer will show an inline icon and text in place of the control indicating the ActiveX control needs to be installed. End users will be able to click on this area or the Information Bar to install the ActiveX control.

If so, be aware future installation prompts to upgrade this control will also be suppressed by the Information Bar unless you sign the DLL or OCX to be registered as the ActiveX control.

Some Web pages automatically redirect or behave differently when refreshed after a control is not installed. In some cases, building your site this way might prevent the user from being able to install the control, providing a bad user experience.

Since a Web page cannot distinguish between the user declining the installation of an ActiveX control and the control getting suppressed by the Information bar, the recommended practice for installing an ActiveX control is to create an instance of the control on a standalone Web page that explains the purpose of the control. Also, use a <SPAN> section within the <OBJECT> tag to dynamically show Help text to the user for installation failures.

In order to prevent user confusion, you can update these images to reflect the new Authenticode user interface (UI). You can use the user agent string to determine the correct version of the browser. (See General Tips for more information on detecting SP2).

If the dialog does not provide an option to install the ActiveX control, the file might not be correctly signed. Ensure that you have signed the file and the signature is still valid. By default SP2 now blocks the installation of an ActiveX control when its signature is invalid.

• Do not install ActiveX controls using a pop-up window or HTML dialog.
• Do not suggest to users they should lower their security settings to install an ActiveX control.
• Do create an instance of the ActiveX control on a standalone page describing the purpose and end-user impact of the control.

In SP2, the Information Bar will suppress file download prompts that are launched automatically.

In SP2, the prompts used for file downloads, mail attachments, shell process execution, and program installation have been modified to be more consistent and clear than they were in Windows XP Service Pack 1 (SP1). In SP2 the publisher information will be shown after downloading a file type that can potentially harm the user's computer and can be signed. (Common examples of file types that can be signed and that can potentially harm the user's computer are .exe, .dll, .ocx, .msi).

A file download prompt will be suppressed by the Information Bar if a Web site attempts to navigate to a resource that would have resulted in a file download dialog box being displayed when the user did not initiate the navigation with a mouse click or key press.

To ensure downloads are not suppressed, you can make all downloads the result of a direct user action.

If your site serves files that are handled by mime-handlers, the file extensions on those files should correspond to the same ProgID as the mime-handler. If the Content-type ProgID for a given file does not match the file extension ProgID, Internet Explorer in XP SP2 may take the following actions: 1) the user may be prompted to download the file and 2) the file will not be executed in the extension-handler if it fails to execute in the mime-handler.

You can correct these mismatches by changing the content-type to match the file extension. Be sure this is true for your Web pages as well.

Exception: This change does not affect cases where a "content-disposition=attachment" header is sent. In those cases, the file name or extension suggested by the server is considered final and is not changed based on Multipurpose Internet Mail Extensions (MIME) sniffing.

Make sure you update any images pointing to download prompts to reflect the new download dialogs if the customer is using Windows XP Service Pack 2. To determine the version of the image to show, you can use the User Agent string in Internet Explorer (see General Tips for more information on detecting SP2).

SP2 now checks the digital signature for files that can be digitally signed. The most common examples of these files include files with the following extensions: .exe, .dll, .cab, .ocx, and .msi. If you are the publisher of files that can be signed using Authenticode technology, customers will now have the ability to validate that you created the file. This applies to both Internet Explorer and Outlook Express.

Internet Explorer includes a pop-up blocker that is turned on by default in SP2. This pop-up blocker might interfere with sites that automatically generate new windows from script. The pop-up blocker includes an Allow list that can help in cases where automatic pop-ups are required. By default, the pop-up blocker will not attempt to block pop-ups launched from the Intranet or Trusted Sites zones.

Internet Explorer will attempt to block any window opened automatically from script, with the exception of createPopup(). Some common functions that are affected are window.open(), showModelessDialog(), showModalDialog(), and showHelp(). (Note: Targeting the search pane automatically is also blocked due to pop-up blocking restrictions.)

A pop-up window opened as a direct result of a user action (e.g., clicking a page element) will not be blocked. Pop-up blocking does not apply by default to the Intranet or Trusted Sites Zones.

Functions that return a window object will return null if the window is blocked. Always check the return value of window.open() before using it to avoid script errors when pop-ups are blocked.

Wherever possible, do not redirect or close windows based on blocked content. If your site redirects to a different site when a pop-up was blocked, it might be more difficult for the customer to show the blocked pop-up. The re-directed site will not show the Information Bar that usually appears to give customers easy access to the pop-up in this case.

Similarly, if a window is closed due to a blocked pop-up, the Information Bar entry point to show the blocked pop-up will disappear along with the window.

Wherever possible, do not launch an automatic pop-up window from another pop-up window. The second launch will not be considered a user action in the Pop-up Blocker and will be blocked.

In Windows XP Service Pack 2, the setHomePage() function can only be launched from a user action similar to pop-up windows. Automatically launched setHomePage() prompts will be blocked.

Internet Explorer may block certain windows if the site opens them after requesting information asynchronously even if the user did click a link to open the window. Windows are not blocked if opened directly from a user-initiated action (a mouse-click) before requesting asynchronous information. User-initiated actions are not persisted across navigations.

As with other pop-up windows, if the window is not launched from a user action, the Pop-up Blocker will block it. One window will be allowed to open in response to a direct user action.

• Do not redirect on pop-up window failure.
• Do not close or automatically redirect browser windows if a pop-up window, download, or ActiveX control is suppressed. If you do, the user will not be able to click on the Information Bar and accept the pop-up window, download, or ActiveX control.
• Do not launch a pop-up window from a pop-up window.
• Do not launch multiple pop-up windows from one user action.
• Do not launch automatic pop-up windows from showModelessDialog() or showModalDialog() calls.

See Microsoft Java Virtual Machine Support on the Microsoft Web site.

Review your code to ensure you understand the restrictions now in place for script-initiated windows using the window.open() or window.createPopup() methods. The script can call the same methods for the creation of an Internet Explorer window with chrome (using the window.open() method) or an Internet Explorer chromeless pop-up window (using the window.createPopup() method). However, the design might need to be reviewed to ensure that pop-up windows are appropriately visible to the user and that the status bar contains accurate information.

The following are guidelines for working with script-initiated window calls in a process running the Windows Restrictions Security feature.

For windows opened using window.open():

• Expect the status bar to be present, and code for it. The status bar will be on by default and is 20-25 pixels in height.
• Adjust your window's size and content so that it will fit well visually with the window's overall size. The window will not cover the taskbar, so it might lose 40 pixels if the status bar is on and the taskbar is not accounted for. Vertically size the window no more than 30 pixels outside the taskbar.
• Do not open windows off-screen—they will be moved by the smallest offset of X and Y coordinates that allows the window to fully display on-screen.
• As before, the display of the window will be affected by the display theme, font size, and resolution, so you might also need to account for these UI influences when you are designing your windows.
• Note: window.open() with fullscreen=yes will now result in a maximized window, not a kiosk mode window.

For windows opened using window.createPopup():

• Adjust the window's size and content so it will fit well visually with the window's overall size. With this new feature, the window will not cover its parent window's title bar or status bar, so it might lose 40 pixels if the title and status bars are not accounted for. Vertically size the window no larger than the currently visible area of the page.
• Do not open chromeless windows outside the HTML rendering surface of Internet Explorer—they will be moved by the smallest offset of X and Y coordinates that allows the window to be fully displayed inside the client area. There is one exception: up to half of the window can exist outside the left or right edge of the Internet Explorer client area.
• As before, the display of the window will be affected by the display theme, font size, and resolution, so you might also need to account for these UI influences when you are designing your windows.

You can use window.navigator.userAgent to detect if the browser connecting to your site is Internet Explorer in SP2.

var g_fIsSP2 = false;
function browserVersion()
{
   g_fIsSP2 = (window.navigator.userAgent.indexOf("SV1") != -1);
   if (g_fIsSP2)
   {
   //This browser is Internet Explorer in SP2. 
   }
   else
   {
   //This browser is not Internet Explorer in SP2.
   }
}

If the user agent string contains "SV1", the browser connecting to your site is Internet Explorer in SP2.

Try not to create a new instance of an ActiveX control, automatically launch file downloads, or automatically launch pop-up windows from these dialogs, if possible. The Information Bar will not be shown when content is suppressed in this scenario, and the user will not have an easy way to allow the content. The suggested workaround is to initiate these behaviors from an Internet Explorer window.

Try not to re-direct to another Web page when the browser suppresses content such as ActiveX controls, download prompts, or pop-ups, if possible. The Information Bar might not appear on the re-directed page when this content is suppressed, and the user might not easily be able to see the content.