virtual tour example

home gallery product info downloads buy now support learn more search

support

Trouble report 684

Internet Explorer may display a security warning for web pages containing a VR image

Versions affected

All versions starting with 3.0

Description

When you request The Panorama Factory to preview a web page, it opens in your web browser.

If you use Internet Explorer, web pages containing VR images may display a security warning when previewed on your local computer. You may see a message similar to one or both of the following:

"To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer.  Click here for options..."

or

"Allowing active content such as script and ActiveX controls can be useful, but active content might also harm your computer.  Are you sure you want to let this file run active content?"

This problem occurs only with Internet Explorer and only when the HTML file is on your local computer. HTML files on web servers are unaffected and other browsers are unaffected. One solution to this whole problem is to use a different browser, e.g. Mozilla, Netscape, Firefox, Opera, etc., for testing your VR images.

Microsoft added this warning message with Windows XP Service Pack 2.

Discussion

The Panorama Factory's HTML files use JavaScript to control the operation of VR viewers. Windows Service Pack 2 introduced new security popup messages whenever JavaScript is used in an HTML file on your local computer.

The logic behind this warning is that active content (Javascript, ActiveX, Java, etc.) in a web page has more freedom when run from a web page in a local file. Web pages downloaded from an internet web site run in a more restricted security zone that prevents many potential malicious actions. However, the local security zone is less restrictive than the internet security zone. So according to Microsoft, viewing local web pages is more risky than viewing internet web pages!

The new security warnings in Windows XP Service Pack 2 have significantly impacted the use of local HTML pages. It seems that you must accept the warnings about JavaScript content in order to have the VR viewers work properly in Internet Explorer when displayed from a local file.

NOTE: The security warnings are only displayed when you open the web page from a local file.  Internet Explorer will not show the messages when your web page is displayed from an internet web site.

Workaround

Other than using a different web browser, there is no workaround for this problem.  You must accept the warnings about JavaScript content in order to have the VR viewers work properly in Internet Explorer when displayed from a local file.

The Panorama Factory V4.4 attempted to workaround this problem by adding the Mark of the Web to its web page templates.  Unfortunately, this change caused PTViewer pages and thumbnail index pages to fail under some circumstances.

Therefore in V4.5 the Mark of the Web has been removed from the web page templates.  It is apparently not possible to simultaneously avoid the security warnings and have PTViewer pages work when displayed from local files through Internet Explorer.

Refer to the following trouble reports for background information about the addition of the Mark of the Web to the V4.4 templates.:

Disabling the security warnings

These security warnings were new with Windows XP Service Pack 2. And they only appear for HTML files on your local computer disks. They do not appear when the HTML files are displayed from a web server.

It is possible to disable the security warnings in Internet Explorer. However, we do not recommend disabling the warnings.  Microsoft beleives they are important messages. They think, perhaps, that the security warnings help protect you from malicious HTML files that make it onto your computer. It is not possible to turn off the warnings for The Panorama Factory's HTML files without turning them off for HTML files from other sources.

You must decide carefully whether to turn the security warnings off.

Again, we do not recommend turning off the warnings.  However, for completeness, we include the instructions here:

  1. Start Internet Explorer.
  2. Open the Internet Options dialog box from the Tools menu.
  3. Choose the Advanced tab.
  4. Scroll to the bottom of the Settings to the group titled "Security".
  5. Place a checkmark in the box "Allow active content to run in files on My Computer".
  6. Click OK.

This eliminates the security warnings and returns Internet Explorer to the way it worked before Service Pack 2.

Status

The default preview template was updated in V4.5 to show information about the security warnings.

We would like to find a more graceful workaround for this problem, but we are not optimistic.


Revised: April 05, 2007

 1999-2007 Smoky City Design, LLC and John Strait