Javascript: inside IE9+ address bar -- workarounds

Started by Darren Dirt, October 16, 2012, 10:11:29 AM

Darren Dirt

Apparently various folks think entering in "javascript:alert('xyz=' + xyz)" is a security hole, and this is why the "Protected Mode" is on by default. PM enabled means that the javascript: protocol will not work in the address bar.

Solutions:

(1) turn off PM for the zone your website is in.

(2) click F12 and use the Developer tool's Console (e.g. type "alert('xyz=' + xyz)" and you get your desired result)

(3) the very WEIRD but quick workaround described below:
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/cant-paste-javascript-into-the-address-bar-ie9-rc/aa377c2f-7a43-e011-90b6-1cc1de79d2e2

^ Basically, you paste in the code and notice the "javascript:" prefix vanishes. Well, just make sure you have that code in the clipboard, and AFTER clicking CTRL+V to paste it in, press CTRL+E and you'll see a "?" character in front. Now CTRL+V again and your entire code line stays; just click HOME and delete that "?" character in front, and voila, it works.

So I guess "Protected" mode is actually useless, at least in regards to protecting the user from the dreaded "javascript:" protocol's so-called dangers... actually, even quicker: just click CTRL+E *FIRST* then type in (or paste) your javascript:xyz and remove that "?" character before hitting Enter!

_____________________

Strive for progress. Not perfection.
_____________________