Another essential security update to Microsoft's Internet Explorer is being distributed in the next series of system updates. This snippet explains it pretty well:
When a web page uses the APPLET, EMBED, or OBJECT elements to load an ActiveX control, the control's user interface is blocked until the user activates it....If a page uses these elements to load multiple controls, each interactive control must be individually activated.
So now you don't see anything until you click the big ugly block?Edit: It appears you do see the Flash movie, you just cannot interact with it through the mouse or keyboard. A user on FlashGroup.net states that it is possible to add the Flash content via the DOM to circumvent this.
This also affects the following Active X controls:
Adobe Reader
Apple QuickTime Player
Macromedia Flash
Microsoft Windows Media Player
Real Networks RealPlayer
Sun Java Virtual Machine
You can read more here, and here. I thought this was an old story but never made it? Thoughts?
Comment feed for this post
Follow me on Twitter
And the solution to this as I know is to use the DOM as mentioned, and write the Object tag and its contents into the document using Javascript document.write
Am sure there was a technote that was published for this.
tats an interesting observation. Has something changed ?
I'm familiar with this one, very good indeed. :) I guess there will be people that don't want to use that as they'd like Google to see their SWF and attempt to index it, but we can't have our cake and eat it hey!
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/activating_activex.asp
I've tried all the methods presented except the DOM manipulation, and all of them seem to require the extra click. Unfortunately, I'm pretty sure the DOM manip will break the cc&mesh's FlashJavaScriptIntegration kit, which is important to me.
This is the second IE6 mod that has changed things (mandatory status bar in SP2 had a nasty effect to some of our flash presentations due to reduced space for content)
Have you actually tried this and got it to work? (neave.com rox btw)
---go.js---
setTimeout("doit()",5000);
function doit()
{
var myObject = document.createElement('embed');
tester.appendChild(myObject);
myObject.width = "200";
myObject.height = "100";
myObject.src = "test.swf";
}
Have I misunderstood what MS is saying. Is there *any* way to turn this off?????
http://www.macromedia.com/devnet/activecontent/
instantiates the famous menu as an inline script in the body of the document using the following script tag:
<
script type="text/javascript"
language="JavaScript"
src="/jsdw/ubi/globalnav/en_us/flash.iota"
>
where the contents of this .iota file is :
if(do_dw_var){
document.writeln('<div id="globalnav">');
document.writeln(' <object id="globalnav-object" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="756" height="134">');
document.writeln(' <param name="movie" value="/swf/globalnav/globalnav_en_us.swf?fpReqMinor=79" />');
document.writeln(' <param name="FlashVars" value="loc=en_US&htmlApp=false&gatewayURL=gwurl" />');
document.writeln(' <param name="bgcolor" value="#ffffff" />');
document.writeln(' <param name="menu" value="false" />');
document.writeln(' <param name="quality" value="high" />');
document.writeln(' <param name="salign" value="tl" />');
document.writeln(' <param name="scale" value="noscale" />');
document.writeln(' <embed id="globalnav-embed" src="/swf/globalnav/globalnav_en_us.swf?fpReqMinor=79" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="loc=en_US&htmlApp=false&gatewayURL=gwurl" bgcolor="#ffffff" menu="false" quality="high" salign="tl" scale="noscale" width="756" height="134"></embed>');
document.writeln(' </object>');
document.writeln('</div>');
}
[I hope the tags above escape properly!]
My understanding is that this is the Microsoft mandated workaround as described in:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/activating_activex.asp
Yet, even on this page, I still have the "click to activate and use this control".
To be clear on this:
This morning I installed
"Update for Windows XP (KB912945)"
I have tried all the workarounds suggested by Microsoft. None of them work. Adobe's own page on the issue does not work around it. As far as I can tell from spending about 4 hours on this, there is simply no workaround. Can anybody verify this???
Use FlashObject.
And for Google put inside the "noflash" alternate text of FlashObject the content that you want indexed. All the content. In html format. Like a minisite.
http://www.slideshowpro.net/demo/demo_default.php#id=nature&num=1
The "click to activate and use this control" is still there.
I'm thinking perhaps there is a new locked down version of this "hotfix" which it is not possible to work around.
My advice is avoid KB912945 and make sure your clients do as well. It breaks the web.
I've sent a comment up to MSDN about this, but I'm not holding much hope for a coherent reply.
Been running with the MS patch for a few weeks now. If you doc.write the object and embed tags, Flash behaves as before. Only exception is when you have the Microsoft Script Debugger installed and running, in which case you have to click the SWF in order to activate it, even with doc.write.
Hope this helps!
Mike
[quote]
Warning If you uncheck the Disable Script Debugging (Internet Explorer) option in the Advanced Tab of the Internet Options Control Panel, controls created using these techniques will still require activation.
[/quote]
Unobtrusive Flash Objects (UFO) v3.0
works great!
tryed with the new "patch" from Ms installed...
I should RTFM!
Haven't checked yet, but I'm certain that "Disable Script Debugging" was the cause of my woes.
[dons dunces cap and wanders off to stand in the corner]
-erik
There is one quirk with the MS update, and that is you must have 'Disable Script Debugging' checked, or you will still need to activate your controls no matter how you embed them.
I've been tracking the issue and have been updating this page:
http://blog.deconcept.com/2005/12/15/internet-explorer-eolas-changes-and-the-flash-plugin/
That means this is not a valid soltion. By default IE has the Script Debuggers disabled, meaning for the common user (not web developers) the solution fixes nothing.
The most annoying part of this patch, I think, are the inconsitancies of the patch. Different people at my company get different results from this patch. For instance, I do not get prompted to enable instances of sIFR whereas most others at my company seem to.
It's only when script debugging is enabled (the checkbox is checked) that you still need to activate the controls. By default deubgging is off, which means most users will not need to activate your flash content if you use javascript to embed it.
Also, if you look at the microsoft KB article on the subject, you'll notice that they have the script debugging issue listed as a bug and that they are working on it. So future versions of the update should behave as planned.
Here's another link to my post on the subject, it has all the info you need.
Seems to only be available through Windows Update as an Optional download.
Greg