Overview

If you set the Default Layouts.Head Script to Mark of the Web, Second Site will add a special comment to output pages to try and avoid an obnoxious security feature of the Microsoft Internet Explorer (IE) browser. The special comment is called the "Mark of the Web", and its presence instructs IE to treat the web page as if it was loaded from a remote web site rather than from the local hard drive. This, in turn, avoids a security warning that appears when the Mark of the Web comment is not present. The security warning appears near the top or bottom of the IE window when opening HTML files that are stored on the computer's hard drive or local removable storage such as CD-ROM discs. The message location varies by IE version.

For information about Head Scripts, see Page Scripts.

Limitations

Unfortunately, adding the Mark of the Web comment avoids one problem and introduces another!

If you are browsing pages with IE6 or IE7, and the pages are on your hard-disk or a CD-ROM, the Mark of the Web comment prevents opening links to external documents included in the site, such as PDFs.

This makes it difficult for Second Site users to test web sites they are creating. During testing, the web pages are viewed locally, and thus they are subject to the limitation above. My recommendation is to use Firefox or another standards-compliant browser for most testing, and only use Internet Explorer when you are specifically interested in how your site looks in that browser.

There is no such easy solution for users who are distributing web sites on CD-ROM and that include PDF documents, MS Word documents, or the like. Relatives or friends who are using IE6 or IE7 will not be able to access those documents through links if the Mark of the Web comment is present. If the Mark of the Web comment is not present, they will see the security warning, even though there is no security risk.

So, if you are distributing your site on CD-ROM, this is what I recommend:

  • If your site contains HTML pages and photographs or scanned documents only, set Default Layouts.Head Script to Mark of the Web. This will avoid the security warning and given there are no linked documents, there is no downside.
  • If your site contains linked PDF documents, MS Word documents, etc., set Default Layouts.Head Script to Standard. People who browse your CD-ROM with IE6 or IE7 will see a security warning, but they will have access to the documents. You may want to inform them of the security issue in a note that accompanies the CD-ROM.

Microsoft believes that the insane Mark of the Web comment is a solution or feature, but in fact, it's just evidence that the security features in IE6 and IE7 are badly broken. Other browsers stop malicious content using tactics that do not prevent access to legitimate content. The best way to protest is to stop using IE, and encourage your friends to stop, too. It's a small step, but Microsoft won't listen to any other input.

Triggering the Security Message

When the Mark of the Web comment is not present, three common activities can trigger a warning message in IE6 or IE7:

  • In Second Site, clicking the "Browse Site" button to view the copy of the site that is created on the user's PC
  • In Second Site, opening a help page by pressing the [F1] function key or by selecting a command in the Help Menu
  • When opening a web page from a CD whose content was created by Second Site

Second Site uses a Mark of the Web comment in this form:

<!-- saved from url=(0014)about:internet -->

More Information

You can read more about the Mark of the Web via this url: http://msdn2.microsoft.com/en-us/library/ms537628.aspx. Microsoft changes their URLs more often than Imelda Marcos changes shoes, so the link may not work. If so, you can use a Google search to try and find it.

On This Page