Mark of the Web Explained

Many people have questions concerning the security warnings displayed by Internet Explorer while trying to access WebWorks Help 5.0 or Dynamic HTML output. Several discussions in the ePublisher documentation suggest a solution known as the "Mark of the Web." I thought it might be helpful to demystify this feature a bit and explain what it does, why it exists, and (most importantly) why it doesn't work as expected. First, a summary:

Problem: IE will complain about any HTML file containing JavaScript that is run on a local system.

Solution: None (if you need JavaScript).

This isn't a result of a problem with the ePublisher application or a defect in the output it produces. The WebWorks Help 5.0 output format contains a lot of JavaScript, which triggers alarms when viewed locally in Internet Explorer. That's just the nature of the IE browser platform. It was built with security zones to protect users from code which may try to access local files, but then they locked down the local security zone so that those files couldn't run ActiveX controls (i.e., JavaScript functions).

You want to view pages locally (such as a documentation set installed on a user's machine). Those pages contain scripts. Scripts can't be used in the local zone. So, the MOTW solution forces IE to run the web page in the "internet" security zone, thereby enabling scripts. However, pages in the "internet" zone can't access local files (a task required by the scripts). Quite a circular conundrum.

An article on our TechNotes explains the correct implementation of the MOTW feature for the page template. What it fails to mention is that the MOTW must be implemented for each HTML page in the WebWorks Help 5.0 helpset which contains JavaScript code. Suffice it to say that there are a lot of files which fall into the category. In order to truly enable MOTW for your WWHelp, you'll need to perform an override on each of the affected files and remove the "MOTW-disabled" syntax from all of them. Search the following folder (and subfolders) for files containing the text "MOTW" for a list of the relevant files:

The MOTW feature is much more suited to a simpler format like Dynamic HTML, which consists only of single topic pages built by the page template; Page.asp is the only file to override in that case.

Of course, once you enable MOTW, you're likely to see a lot of other funny stuff going on. Links to local files, such as PDFs, will be invalid (because "internet" files can't access "local" files). Also, any active content attempting to reference local file paths will be disabled, so the WebWorks Help 5.0 output will lose its JavaScript navigation features, among others.

All in all, it's just a really bad situation on the part of the Internet Explorer browser, and there's nothing we can really do to improve upon it. There is no way to disable the IE warnings while retaining full functionality of local output. Not a helpful conclusion, I'll admit, but an honest and accurate assessment nonetheless.

Please note that this solution is quite old, and for some has not panned out very well.


LaurenLever/@Solutions/Output/WebWorks Help 5.0/Mark of the Web (last edited 2011-04-28 18:20:54 by LaurenLever)