Serious security issue with jQuery and ActiveX?

Question

Serious security issue with jQuery and ActiveX?

Has anyone noticed that jQuery uses ActiveX controls?

When the user has restricted their activex protection, they will receive script tooltips and a yellow bar over the top of their browser window. -This default setting is set on Windows servers. -Internet Cafe does not support Active X. -The company of internal workstations does not support this.

Given this, I do not see how people can use jQuery in a commercial application.

Do you use jQuery in a commercial application? Does this mean you? Do you think I should do this?

+7

javascript jquery internet-explorer activex

rid00z Feb 10 '09 at 0:35

source share

6 answers

jQuery, like most libraries that support AJAX, will use ActiveX to create an XMLHttpRequest object when working in IE. Because you get the XMLHttpRequest object in IE. If you disable it, you will not get AJAX.

So no, don't worry about that. If you do not use AJAX, you will have no problems with systems in which ActiveX is disabled; if you do, then you will have problems regardless of the library, if you are not using a crawl, for example, using iframes to send background requests.

+6

Shog9 Feb 10 '09 at 12:41

source share

In addition to the reasons why jQuery can use ActiveX (like AJAX), you should also consider that not all jQuery uses are for AJAX functionality.

+2

matt b Feb 10 '09 at 0:43

source share

Regardless of the AJAX functionality in IE, there was a problem in jQuery 1.3.2 that caused this banner to appear when jQuery first loaded, even if you didn't do anything with it. See tagged # 4017 . The problem was solved in changeet # 6268 and will be discussed in jQuery 1.3.3 after its release.

0

Ryan morlok May 15, '09 at 20:08

source share

Not sure if this is relevant to your case / question, but I noticed that jQuery version conflicts lead to this problem almost by default and if you manage a large website consisting of several components (e.g. portal, CMS, etc.) , you can accidentally use multiple versions of jQuery at once. In my case, this always caused an ActiveX popup in IE 7.

0

jmdefran Jul 12 '11 at 17:35

source share

I had the same problem with a store that executes ajax requests, so I modified my jquery file to force XMLHttpRequest to load, i.e. nine

Search for:

 var l = window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();

replace it with:

 var isIE9 = navigator.userAgent.match(/MSIE 9.0/i) != null; if(isIE9) var l = new XMLHttpRequest(); else var l = window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();

0

user1224703 Feb 23 '12 at 0:59

source share

Luca matteis · Accepted Answer · 2009-02-10T00:40:56+0000

Only the place where ActiveX is mentioned in jQuery code is used for ActiveXObject , which is used for XMLHttpRequests:

 // Create the request object; Microsoft failed to properly // implement the XMLHttpRequest in IE7, so we use the ActiveXObject when it is available var xhr = window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();

There's an open problem here ... it seems like jQuery is not backing down from using native XMLHttpRequest on IE7 (this is probably what you are experiencing).

It may also help: link

Serious security issue with jQuery and ActiveX?

More articles: