Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A serious issue with jQuery and ActiveX security?

Has anyone not noticed that JQuery uses ActiveX controls?

When a user has limited their activex security they will get script prompt popups and a yellow bar accross the top of their browser window. -This setting is by default on Windows Servers. -Internet Cafe's dont support Active X. -Company internal workstations dont support this.

Considering this I don't see how people can use JQuery in a commercial application.

Do you use JQuery in a commercial application? Does this concern you? Do you think I should be concerned with this?

like image 793
rid00z Avatar asked Feb 10 '09 00:02

rid00z


2 Answers

Only spot where ActiveX is mentioned in the jQuery code is for the ActiveXObject which is used for XMLHttpRequests:

// Create the request object; Microsoft failed to properly
// implement the XMLHttpRequest in IE7, so we use the ActiveXObject when it is available
var xhr = window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();

There's an open issue here ... seems like jQuery doesn't fallback to use the native XMLHttpRequest on IE7 (this is probably what you're experiencing).

Also this might help: link

like image 92
Luca Matteis Avatar answered Sep 28 '22 02:09

Luca Matteis


jQuery, like most libraries that provide support for AJAX, will use ActiveX to create the XMLHttpRequest object when running in IE. Because that's how you get an XMLHttpRequest object in IE. If you disable it, then you don't get AJAX.

So no, don't worry about it. If you don't use AJAX, then you won't have problems on systems where ActiveX is disabled; if you do, then you will have issues regardless of library, unless you use a work-around such as using iframes to submit background requests.

like image 40
Shog9 Avatar answered Sep 28 '22 02:09

Shog9