The following is an interesting Internet Explorer issue that one of our MVPs recently noticed. He writes:We have a group policy object that sets Zone Elevation to Prompt for the Local Computer Zone ("Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone/Web sites in less privileged Web content zones can navigate into this zone" set to "Enabled: Prompt"). We also have disabled the Local Machine Zone Lockdown (LMZL) for Internet Explorer (under Windows Components/Internet Explorer/Security Features/Local Machine Zone Lockdown Security).
When I subsequently visit http://encompassnw.org, I’m prompted about zone elevation to “ieframe.dll” when I mouse over the “Children”, “Families”, etc. menu links on the left side of the page. What’s up with that?
to view the HTTP traffic as I interact with the site, I don’t see any HTTP requests made as I hover over the menu. If there really is a navigation leading to Zone elevation, it’s not using the HTTP protocol.
At this point, I still don’t know much, but I’ve got a few hunches…
IE made a number of changes to URL handling in IE7, but I know that ieframe.dll contains the error pages that IE7 displays when a navigation fails. I suspect that the Zone elevation prompt is actually being triggered by the navigation to an error page. Unfortunately, even when I click to “Allow” the Zone Elevation, I don’t see an error page, so I can’t confirm my theory.
turns up http://encompassnw.org/jscripts/menulib.js
, which contains the script:
This may well be the source of the problem. Using Fiddler’s QuickExec
box, I type bpafter menulib.js
to set a response breakpoint at the download of the script file. Hitting CTRL+F5 in IE refetches the entire page and its resources, and Fiddler breaks into editing mode when menulib.js is downloaded.
is causing the problem, I change the script line to:
document.body.insertAdjacentHTML("beforeEnd","<iframe id='"+BL+"' src='about:blank'
... and click Fiddler’s “Run to completion” button to send my modified script to Internet Explorer. Mousing around the menus, I no longer see the Zone Elevation prompt.
So, I know how to fix the URI, and but why would a Zone Elevation occur?
navigates to a HTML resource inside IEFrame.dll using the RES protocol. Since IEFrame.dll is on the local machine, this results in a Zone Elevation.