"Click to activate and use this control" : Microsoft Internet Explorer Update Affects CleverPath Forest & Trees Runtime

Document ID : KB000027546
Last Modified Date : 14/02/2018
Show Technical Document Details

On February 28, 2006, Microsoft released security advisory 912945 regarding non-security update 912945 to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2) and for Microsoft Windows Server 2003 Service Pack 1 (SP1). This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. According to Microsoft, the security update is now being tested to ensure quality and application compatibility and is on schedule to be released as part of the April security updates on April 11, 2006 , or sooner as warranted.

Depending on your use of the CleverPath Forest & Trees Runtime ActiveX control, these changes to Internet Explorer may affect what your users see when they view your applications in a browser. This document describes the changes, what uses of the CleverPath Forest & Trees Runtime ActiveX control may be affected, and what you can do to maintain the current functionality and continue to provide a seamless experience for your users.

For additional information and future announcements regarding changes to Internet Expl orer, check the Microsoft Developer Network (MSDN) at http://msdn.microsoft.com/ieupdate.

What Is Changing?

The changes to Internet Explorer described in this document will have no effect on users and de velopers until they install the non-security update 912945 or the next scheduled cumulative security update from Microsoft which implements these changes is applied.

These changes will affect the way the browser handles active content (ActiveX controls and Java applets) on web pages. Any active content coded with <object>, <embed>, or <applet> tags that are inline in an HTML file, that is coded directly in the HTML file itself, will initially be inactive when loaded. When a control is inactive, it does not respond to user input including keyboard, mouse, or other pointing device. To activate an interactive control, a user must simply click on the control or use the TAB key to select the control and press Enter or Spacebar.

It is important to note th at the functionality of the control is not limited or affected in any way. The browser simply loads the control in an inactive state. While inactive, the CleverPath Forest & Trees Runtime ActiveX Control still performs operations that do not involve interaction -for example, view file open processing. Once the control is activated, it will function exactly as it did in previous versions of Internet Explorer.

If My Users Are Affected, What Will They See?

By default, the user interface of each affected ActiveX control object on a web page is blocked until the control is activated by the user. If multiple affected instances of the Runtime ActiveX Control are displayed on a page, each instance must be activated individually. When a view file is loaded in an inactive Runtime ActiveX Control, any view file open processing will be executed as always. Any messages or dialogs displayed by the CleverPath Forest & Trees application, including modal dialog groups, will be accessible to the user. Only the main CleverPath Forest & Trees Runtime application workspace embedded in the HTML page will be inaccessible.

While the Runtime ActiveX Control is inactive, your users will see a normal CleverPath Forest & Trees main application workspace. When the cursor is moved over the application workspace or the TAB key is pressed until the Runtime ActiveX Control is selected, a box is drawn around the Runtime ActiveX Control, and one of two tooltips will be displayed (Figure 1 and Figure 2).

Figure 1

Figure 1: Mouse over inactive control

Figure 2

Figure 2: Keyboard-selected inactive control

Not ALL Uses of the Runtime ActiveX Control Are Affected

The following uses of the Runtime ActiveX Control are not affected.

  • Sites that load a view file di rectly in a browser without using a web page will be unaffected. This includes:
    • Typing the path and file name of a view file into the browser's Address bar
    • A link on a web page that refers to the path and file name of a view file
    • Displaying a view file sto red in a CleverPath Portal without using the CleverPath Forest & Trees Portal content handler or another HTML file to reference the stored view file
  • Sites that already use script in an external file to create the object or embed tag that loads the control will continue to function as they do now.

What Steps Can I Take to Avoid the Change in Behavior?

You can make some simple modifications to your web pages now that are compatible with existing versions of Internet Explorer and will give your users the same experience in both the current and future version of the browser. Those modifications are described in this document.

To create Web pages that load interactive controls that respond immediately to user input, you must use script to load those co ntr ols from external script files. You cannot write script elements inline with the main HTML page to load your control. If the script is written inline programmatically, the loaded control will behave as if it was loaded by the HTML document itself and wi ll require activation. To ensure a control is interactive when it is loaded, the script must be loaded from an external script file. The techniques described in this document do just that.

In order to execute script on an HTML page, Active Scripting must be enable d in Internet Explorer on the client computer. For information regarding c onfiguring Microsoft Internet Explorer security settings, see the Help topic titled "Configuring Web Browser Security for the Runtime ActiveX Control" in the CleverPath Forest & Trees Developer help file. In addition to the ActiveX controls and plug-ins security settings listed in this help topic, you must have Active scripting under the Scripting section set to Prompt or Enable.

Code That Needs to be Replaced

Any web page (i.e. Portal Content Handler capftwch.htm) that contains an <object> or <embed> tag coded directly in the HTML source will cause the control to be loaded in an inactive state. The following examples of HTML code will need to be replaced with code that calls script in an external script file to write the elements into the original page.

  <object classid="clsid:2863DDE9-3BFD-41CE-B98E-F8497089B01C">
   <param name="viewfile" value="http://mywebserver/myApp.ftv" />
  <object classid="clsid:5FADE212-B755-11D1-BA39-00C04FD60C4B">
   <param name="src" value="http://mywebserver/myApp.ftv" />
  <embed type="application/x-ftv" src="http://mywebserver/myApp.ftv"/>
  <embed type="application/x-ftv" viewfile="http://mywebserver/myApp.ftv"/>

Solution 1: Users using the Portal content handler or some other content handler that delivers the embedded applications

For sites which use the CleverPath Forest & Trees Portal Content Handler, this solution includes a function which accepts arguments to construct the proper markup. This solution also provides some advantages if your site has a lot of embedded CleverPath Forest & Trees applications. Rather than create a separate external JS file for each affected web page, you make available on your web site a single external JS file that contains functions for creating the necessary tags based on parameters passed from the main web page.

Click here to download the JS file as well as capftwch.htm and RuntimeTemplate.htm files which can replace the HTML files provided on the CleverPath Forest & Trees installation media.

There are three steps you need to follow to implement this solution:

  1. AC_ViewFile.js (included in the above download), is the javascript which will write the nec essary tags. Copy AC_ViewFile.js to a shared location on your website. Be sure to modify the default values for id, width, height, codebase, and pluginspage in the JS file if necessary to suit your environment. The code in this file uses arguments that you pass to it (see Step 3) to construct a complete tag string that it writes to your document.

  2. Add a JavaScript include statement that points to the shared JavaScript files from Step 1 to the <head> section of each web page on your site that includes an object/embed tag.

    <script src="[path]/AC_ViewFile.js" language="JavaScript" type="text/javascript"> </script>

  • Replace each instance of <object> and <embed> tags in your pages with the appropriate function calls.

    FT_WriteObj( "safe"|"unrestricted", "viewfileURL" [, "attributeName1","attributeValue1", "attributeName2","attributeValue2", ... "attributeNameN","attributeValueN"] );
  • To replace the object and embed tags with calls to this function, pass the "safe"|"unrestricted" selector and the view file path and filename as parameters 1 and 2, and pass any additional attributes as pairs of a rguments. The function automatically inserts the correct classid, the view file, and the default values for id, width, height, codebase, and pluginspage if they are not specified in the parameter list. You do not need to supply the optional attribute name value pairs unless you require different values for a specific instance of a view file on a page. Note: For CleverPath Forest & Trees Runtime Option version 7.0 users, the first parameter must be "unrestricted" since safe mode was not available until version 7.1.

    Web developers typically specify the same values in object and embed tags for all attributes and parameters; however, it is sometimes useful to have different values, so a page is displayed differently from one browser to another. To specify an attribute that will only be added to the <object> element, prefix the attribute name with o#. To specify an attribute that will only be added to the <embed> element, prefix the attribute name with e#.

    For example, to replace the following object and embed tags:

      <object id="FTW" classid="clsid:2863DDE9-3BFD-41CE-B98E-F8497089B01C"
      codebase=" http://mywebserver/ftwrt710.exe #version=7,1,23"
      width="100%" height="100%">
      <param name="viewfile" value="[path]/myviewfile.ftv" />
      <embed type="application/x-ftv" viewfile="[path]/myviewfile.ftv"
      width="100%" height="100%"

    You would insert the following function call in its place:

      <script language="JavaScript" type="text/javascript">
      FT_WriteObj('safe', ' [path]/myviewfile.ftv' );

    Using the CleverPath Forest & Trees Content Handler

    When using the CleverPath Forest & Trees content handler in a CleverPath Portal environment, CleverPath Forest & Trees view files are handled by the capftwch.htm web page template file. In order to prevent the CleverPath Forest & Trees Runtime ActiveX Control from being loaded in an inactive state on Portal pages, you must update the capftwch.htm file using the method described in solution 1.

    Using solution 1 in a CleverPath Portal environment requires that you copy the external JS file to a location where all users accessing view files in your portal will be able to access it. One such location would be [Portal_install_dir]/ content/html/javascript. Be sure to modify AC_ViewFile.js changing the default values for id, width, height, codebase, and pluginspage if necessary to suit your environment. With AC_ViewFile.js l ocated in [Portal_install_dir]/ content/html/javascript your template file might look something like this:

      <script src="/servlet/media/html/javascript/AC_ViewFile.js" language="JavaScript" type="text/javascript"></script>
        <script language="JavaScript" type="text/javascript">
      FT_WriteObj('safe', '&documentURL&?SESSION=&sessionKey&&PASSTHRU=TRUE'); 

    Solution 2: Users that are delivering individual embedded applications outside of a content handler. (i.e. through an html page)

    If your site has only a few embedded applications and you are not using the CleverPath Forest & Trees Portal Content Handler, you may want to use the following solution. To implement this, you need to create unique external JavaScript (JS) files for each page on your site that contains an embedded application. Note: If you have more than one embedded application on a page, create unique functions (see Step 1) within the external JS file to write tags for each separate application.

    The steps to do this are:

    1. Create and place the external JS file on your site. In this example, call it ftwapp.js. This script needs to write the full object/embed tag that was previously in your HTML file. For example:

      function InsertMyViewFile()
      //F&T 7.1 or later users, make sure you are specifying the desired
      //clsid here (safe mode or unrestricted mode)
      document.write('<object id="FTW" classid="clsid:5FADE212-B755-11D1-BA39-00C04FD60C4B" ...>\n');
      document.write('<param name="viewfile" value="[path]/myviewfile.ftv" />\n');
      document.write('<embed name="FTW" type="application/x-ftv"
      viewfile="[path]/myViewFile.ftv" />')

  • Add a JavaScript include statement that points to the JavaScript file from Step 1 to the <head> section of the web page that embeds the content.

    <script src="[path]/ftwapp.js" language="JavaScript" type="text/javascript"></script>

  • Replace each <object> or <embed> tag with a call to the appropriate external functions as follows:

    <script language="JavaScript" type="text/javascript" >
    InsertMyViewFile ();
  • Example:

    This html code:

      <object name="FTW" classid="clsid:2863DDE9-3BFD-41CE-B98E-F8497089B01C">
      <param name="ViewFile" value="http://mywebserver/myViewFile.ftv" />
      <embed name="FTW" type="application/x-ftv"
      viewfile="http://mywebserver/myViewFile.ftv" />

    could be replaced by:

      <script src="[path]/ftwapp.js" language="JavaScript"
      <script language="JavaScript" type="text/javascript">

    where [path]/ftwapp.js contains the InsertMyViewFile() function which write the object/embed tag.

    What About Users Who Have JavaScript Turned Off?

    These suggested solutions rely on JavaScript. If you a re making applications available outside of your corporate network or on a network where you are not controlling browser settings, a small percentage of visitors to your site may have disabled JavaScript (Active Scripting) in their browsers. The techniques suggested above will not work for these users-they won't see your embedded content at all. One thing to keep in mind is that many or most IE users who have disabled JavaScript may have also disabled ActiveX support; users who have disabled ActiveX have not been seeing CleverPath Forest & Trees applications displayed in their browsers anyway. The migration to JavaScript techniques for embedded applications doesn't alter or affect their experience. You only need to be concerned with users who have disabled JavaScript, but have ActiveX enabled.

    To provide for the small percentage of users who have disabled JavaScript but have enabled ActiveX, you can insert the <object> and <embed> tags directly into the HTML, but put them within a <noscript> tag. The <noscript> tag is a standard tag that provides fail-safe alternative code for users who have disabled JavaScript. Here's an example of a standard embedded CleverPath Forest & Trees view file nested in a <noscript> tag:

    <!-For unrestricted mode specify "clsid:5FADE212-B755-11D1-BA39-00C04FD60C4B"-->
    <object classid="clsid:2863DDE9-3BFD-41CE-B98E-F8497089B01C" id="FTW"
    <param name="viewfile" value="http://mywebserver/myviewfile.ftv" />
    <embed src="http://mywebserver/myviewfile.ftv" type="application/x-ftv"
    pluginspage="http://mywebserver/getftwruntime.htm" />

    Users who have JavaScript disabled will see an inactive CleverPath Forest & Trees Runtime ActiveX Control. They will need to click or use the keyboard to activate the control.

    We take pride in our technical documents and are interested in your feedback. Please email your comments to us directly at: portalsdksupport@ca.com