« RCC moves out of SVG 1.2 | Main | WebFX Ends IE Support »

MSXML + HTA = BUG

Something is very wrong with MSXML

An HTA is an HTML Application. It is an executable application format that hosts Internet Explorer in a fully trusted application. This application, like any other executable has full access to your OS and hardware. You can create and delete files, read the registry and more. When using a HTA you can use any COM object and you can for example open a socket to create an IRC application. But, you cannot use MSXML to retrieve an XML document from a web server without seeing a security warning!

This entry was posted on Wednesday, March 31st, 2004 at 9:49 and is filed under Software. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

7 Responses to “MSXML + HTA = BUG”

  1. Mark Thomas Says:
    March 31st, 2004 at 10:37

    It works for me.
    I have an hta that hosts an iframe (application=”yes”) pointing to a web server. I can use msxml from within this.

    Works on W2k IE5.5, IE6 and on XP

  2. Mark Thomas Says:
    March 31st, 2004 at 14:19

    Try running this from .hta. Works for me

    var objXMLHTTP = new ActiveXObject(”MSXML2.XmlHttp”)
    objXMLHTTP.Open(”GET”, “http://www.google.com”, false);
    objXMLHTTP.SetRequestHeader(”Content-type”, “text/html”);
    objXMLHTTP.Send();
    alert(objXMLHTTP.ResponseText)

    var objXML = new ActiveXObject(”MSXML.DomDocument”)
    objXML.async = “false”;
    objXML.load(”http://webfx.eae.net/dhtml/xloadtree/tree.xml”)
    alert(objXML.documentElement.xml)

  3. Erik Arvidsson Says:
    March 31st, 2004 at 16:33

    Your code gives me a security warning… checking my IE settings… No, resetting to default does not help.

    I’m using IE6 SP1, 6.00.2800 with all the latest patches on Windows XP SP1 with all the latest patches.

    I got this bug report from someone else, I just could not believe it before testing it myself.

  4. Mark Thomas Says:
    March 31st, 2004 at 19:03

    I’m on IE 6.0.2800.1106.xpsp2.030422-1633
    Works with default or high security settings.

  5. Erik Arvidsson Says:
    March 31st, 2004 at 19:38

    So, maybe they fixed the bug in XPSP2?

    Personnally I can’t use XPSP2 because it makes the active desktop unusable. (Yes, I have reported this.)

  6. Mark Thomas Says:
    April 1st, 2004 at 11:25

    I’m XP Sp1 not Sp2

  7. Erik Arvidsson Says:
    April 1st, 2004 at 14:43

    Sorry, I didn’t realize that xpsp2 did not mean xp sp2 (in the about box).

    When resetting the Internet Zone, Local Intranet och Restricted sites it now work. I still consider this a bug because if any zone should apply the My Computer Zone should be used

Leave a Reply