[WEB4LIB] Re: Mac Mozilla CSS image includes problem
Keith Jenkins
kgj2 at cornell.edu
Wed Jan 12 09:37:14 EST 2005
On Tue, 11 Jan 2005 13:58:24 -0800 (PST), Bobb Menk <bmenk at ll.mit.edu> wrote:
> Under the Privacy and Security preferences, there's a setting for
> "Images". This was set to "Accept images that come from the originating
> server only" If I set it to "Accept all images" the missing ones
> magically appear.
>
> Now to find out if that's the default setting in Mozilla as configured
> for distribution by our IT Dept or not...
We noticed a similar situation recently with XML files not being able
to access XSL stylesheets that were not on the same server. This was
a problem in both MSIE and Firefox.
Apparently, it is considered somewhat risky for an XML file to link to
an XSL stylesheet that is not on the same server, presumably because
someone at the other server could, at any moment, unexpectedly change
the XSL stylesheet to something different, if not malicious. (I don't
think it's as much of a security issue with images. My guess is that
"Accept images that come from the originating server only" was
probably just a way of blocking banner ads.)
In MSIE, you can change the security settings by going to the menu
item "Tools > Internet Options". Click on the "Security" tab, and
click "Custom Level..." Scroll down almost half way to "Miscellaneous
> Access data sources across domains". It probably says "Disable"
(which I think may have been a relatively recent IE security patch--I
remember getting a prompt in the past). Change this to "Prompt".
After doing this, if you load an XML file which links to an
externally-located stylesheet, you should get a prompt saying "This
page is accessing information that is not under its control . . ." If
you click "yes", then you should see the XML as transformed into HTML.
I haven't yet found a similar setting in Firefox. Does anyone know?
Of course, we can't expect all our users to run through that routine
of changing their settings, so the best solution is to simply put the
XSL file on the same server as the XML data.
-Keith
Keith Jenkins, Metadata Librarian
Mann Library, Cornell University
kgj2 at cornell.edu * 607-255-7953
More information about the Web4lib
mailing list