01 March 2006

IE6 Update - Kick in the Teeth for Flash?

Written by Richard Leggett (

)
Published on March 1st, 2006 @ 02:59:43 am, using 167 words, 3981 views

Categories: Flash

Another essential security update to Microsoft's Internet Explorer is being distributed in the next series of system updates. This snippet explains it pretty well:

When a web page uses the APPLET, EMBED, or OBJECT elements to load an ActiveX control, the control's user interface is blocked until the user activates it....If a page uses these elements to load multiple controls, each interactive control must be individually activated.

~~So now you don't see anything until you click the big ugly block?~~Edit: It appears you do see the Flash movie, you just cannot interact with it through the mouse or keyboard. A user on FlashGroup.net states that it is possible to add the Flash content via the DOM to circumvent this.

This also affects the following Active X controls:

Adobe Reader
Apple QuickTime Player
Macromedia Flash
Microsoft Windows Media Player
Real Networks RealPlayer
Sun Java Virtual Machine

You can read more here, and here. I thought this was an old story but never made it? Thoughts?

Permanent Link 27 comments

Comments, Pingbacks:

Comment from: Arul Prasad

Well, I guess this is an old issue that you are talking about.

And the solution to this as I know is to use the DOM as mentioned, and write the Object tag and its contents into the document using Javascript document.write

Am sure there was a technote that was published for this.

Permalink 01/03/06 @ 03:33

Comment from: Richard Leggett [Member]

Yeah I thought I'd read this before, and that the issue was deferred. But I noticed the date on the article linked to above, Feb 28th 2006.

Permalink 01/03/06 @ 03:37

Comment from: Arul Prasad

hey,

tats an interesting observation. Has something changed ?

Permalink 01/03/06 @ 04:37

Comment from: Paul Neave

Use FlashObject and you'll never have any trouble ever again ever.

Permalink 01/03/06 @ 04:49

Comment from: Richard Leggett [Member]

Hi Paul,

I'm familiar with this one, very good indeed. :) I guess there will be people that don't want to use that as they'd like Google to see their SWF and attempt to index it, but we can't have our cake and eat it hey!

Permalink 01/03/06 @ 04:52

Comment from: spender

has anyone actually tried working through the workarounds on this page:

http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/activating_activex.asp

I've tried all the methods presented except the DOM manipulation, and all of them seem to require the extra click. Unfortunately, I'm pretty sure the DOM manip will break the cc&mesh's FlashJavaScriptIntegration kit, which is important to me.

This is the second IE6 mod that has changed things (mandatory status bar in SP2 had a nasty effect to some of our flash presentations due to reduced space for content)

Permalink 01/03/06 @ 05:05

Comment from: spender

Paul Neave,

Have you actually tried this and got it to work? (neave.com rox btw)

Permalink 01/03/06 @ 05:07

Comment from: spender



---go.js---



setTimeout("doit()",5000);

function doit()

{

var myObject = document.createElement('embed');

tester.appendChild(myObject);

myObject.width = "200";

myObject.height = "100";

myObject.src = "test.swf";

}

Have I misunderstood what MS is saying. Is there *any* way to turn this off?????

Permalink 01/03/06 @ 05:58

Comment from: spender

Adobomedia can't get this to work. Their web page describing the issue:

http://www.macromedia.com/devnet/activecontent/

instantiates the famous menu as an inline script in the body of the document using the following script tag:

<
script type="text/javascript"
language="JavaScript"
src="/jsdw/ubi/globalnav/en_us/flash.iota"
>

where the contents of this .iota file is :



if(do_dw_var){

document.writeln('<div id="globalnav">');

document.writeln('	<object id="globalnav-object" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="756" height="134">');

document.writeln('		<param name="movie" value="/swf/globalnav/globalnav_en_us.swf?fpReqMinor=79" />');

document.writeln('		<param name="FlashVars" value="loc=en_US&htmlApp=false&gatewayURL=gwurl" />');

document.writeln('		<param name="bgcolor" value="#ffffff" />');

document.writeln('		<param name="menu" value="false" />');

document.writeln('		<param name="quality" value="high" />');

document.writeln('		<param name="salign" value="tl" />');

document.writeln('		<param name="scale" value="noscale" />');

document.writeln('		<embed id="globalnav-embed" src="/swf/globalnav/globalnav_en_us.swf?fpReqMinor=79" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" flashvars="loc=en_US&htmlApp=false&gatewayURL=gwurl" bgcolor="#ffffff" menu="false" quality="high" salign="tl" scale="noscale" width="756" height="134"></embed>');

document.writeln('	</object>');

document.writeln('</div>');

}





[I hope the tags above escape properly!]



My understanding is that this is the Microsoft mandated workaround as described in:



http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/activating_activex.asp



Yet, even on this page, I still have the "click to activate and use this control".



To be clear on this:



This morning I installed 

"Update for Windows XP (KB912945)"



I have tried all the workarounds suggested by Microsoft. None of them work. Adobe's own page on the issue does not work around it. As far as I can tell from spending about 4 hours on this, there is simply no workaround. Can anybody verify this???

Permalink 01/03/06 @ 07:05

Comment from: cosmin

Yeah.
Use FlashObject.
And for Google put inside the "noflash" alternate text of FlashObject the content that you want indexed. All the content. In html format. Like a minisite.

Permalink 01/03/06 @ 07:22

Comment from: Richard Leggett [Member]

Spender, does FlashObject not work?

Permalink 01/03/06 @ 07:26

Comment from: spender

According to the FlashObject site the site below uses flashobject, right?

http://www.slideshowpro.net/demo/demo_default.php#id=nature&num=1

The "click to activate and use this control" is still there.

I'm thinking perhaps there is a new locked down version of this "hotfix" which it is not possible to work around.

My advice is avoid KB912945 and make sure your clients do as well. It breaks the web.

I've sent a comment up to MSDN about this, but I'm not holding much hope for a coherent reply.

Permalink 01/03/06 @ 07:34

Comment from: spender

going to try a reboot. :)

Permalink 01/03/06 @ 07:37

Comment from: spender

Still broken. :(

Permalink 01/03/06 @ 07:46

Comment from: Mike

Hello,

Been running with the MS patch for a few weeks now. If you doc.write the object and embed tags, Flash behaves as before. Only exception is when you have the Microsoft Script Debugger installed and running, in which case you have to click the SWF in order to activate it, even with doc.write.

Hope this helps!
Mike

Permalink 01/03/06 @ 08:39

Comment from: Richard Leggett [Member]

Great to hear Mike, thanks for the info.

Permalink 01/03/06 @ 08:43

Comment from: Derek Vadneau

To Mike's point, a quote from the MS page:
[quote]
Warning If you uncheck the Disable Script Debugging (Internet Explorer) option in the Advanced Tab of the Internet Options Control Panel, controls created using these techniques will still require activation.
[/quote]

Permalink 01/03/06 @ 09:12

Comment from: Federico

just found that http://www.bobbyvandersluis.com/ufo/
Unobtrusive Flash Objects (UFO) v3.0
works great!

tryed with the new "patch" from Ms installed...

Permalink 01/03/06 @ 11:16

Comment from: Corby SImpson

I wonder if the "patch" will be a mandatory part of IE7? I think right now has the patch is recommended, but optional?

Permalink 01/03/06 @ 12:27

Comment from: spender

Bloody smallprint.

I should RTFM!

Haven't checked yet, but I'm certain that "Disable Script Debugging" was the cause of my woes.

[dons dunces cap and wanders off to stand in the corner]

Permalink 01/03/06 @ 14:31

Comment from: erikbianchi

and yet another reason why the world should switch to Firefox. =)

-erik

Permalink 01/03/06 @ 14:41

Comment from: Geoff

Just to set the record straight: any javascript technique should cause your controls to *not* need to be activated. FlashObject, UFO, the Macromedia detection kit (the one that uses javascript to embed the flash) etc.

There is one quirk with the MS update, and that is you must have 'Disable Script Debugging' checked, or you will still need to activate your controls no matter how you embed them.

I've been tracking the issue and have been updating this page:
http://blog.deconcept.com/2005/12/15/internet-explorer-eolas-changes-and-the-flash-plugin/

Permalink 01/03/06 @ 14:56

Comment from: Jim M

I now finally understand why people think the UFO, or any other JavaScript enabling Flash implementation fixes the issue. It onyl occurs when you change your settings in IE.

That means this is not a valid soltion. By default IE has the Script Debuggers disabled, meaning for the common user (not web developers) the solution fixes nothing.

The most annoying part of this patch, I think, are the inconsitancies of the patch. Different people at my company get different results from this patch. For instance, I do not get prompted to enable instances of sIFR whereas most others at my company seem to.

Permalink 02/03/06 @ 10:02

Comment from: Flabbygums

Can anyone tell me where i can download the patch?? I've checked all over MS Download Center and cannot find a link in any of their articles about this stupid change. Is this really an "optional" update to SP2/IE or would people w/ automatic updates get the patch?

Permalink 02/03/06 @ 10:55

Comment from: Geoff

That means this is not a valid soltion. By default IE has the Script Debuggers disabled, meaning for the common user (not web developers) the solution fixes nothing.

It's only when script debugging is enabled (the checkbox is checked) that you still need to activate the controls. By default deubgging is off, which means most users will not need to activate your flash content if you use javascript to embed it.

Also, if you look at the microsoft KB article on the subject, you'll notice that they have the script debugging issue listed as a bug and that they are working on it. So future versions of the update should behave as planned.

Here's another link to my post on the subject, it has all the info you need.

Permalink 02/03/06 @ 12:16

Comment from: Flabbygums

Sorry to be a nag, but how are you people getting the patch?? I cannot find it.

Permalink 03/03/06 @ 16:32

Comment from: greg

To flabbygums,

Seems to only be available through Windows Update as an Optional download.

Greg

Permalink 05/03/06 @ 18:51

Comments are closed for this post.

About

Richard Leggett is an RIA and Web Developer, co-founder of Ubrae Ltd. He is co-author of Foundation Flash Applications for Mobile Devices (Friends of ED), an Adobe Community Expert and speaker at industry conferences and user groups.