Internet Explorer Window Restrictions


This topic contains 0 replies, has 1 voice, and was last updated by Webmaster 3 months, 1 week ago.


Applies To: Windows Server 2003 with SP1

Note
The Microsoft Windows Server 2003 Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more restrictive Internet Explorer security settings that disable scripts, ActiveX components, and file downloads for resources in the Internet security zone. As a result, many of the security enhancements included in the latest release of Internet Explorer will not be as noticeable in Windows Server 2003 Service Pack 1. For example, the new Internet Explorer Information Bar and Pop-up Blocker features will not be used unless the site is in a zone whose security setting allows scripting. If you are not using the enhanced security configuration on your server, these features will function as they do in Windows XP Service Pack 2.
What does Window Restrictions do?

Internet Explorer provides the capability for scripts to programmatically open additional windows of various types, and to resize and reposition existing windows. The Window Restrictions security feature, formerly called UI Spoofing Mitigation, restricts two types of script-initiated windows that have been used by malicious persons to deceive users:

• HTML pop-up windows created by the window.createPopup() method; the appearance of these HTML pop-ups is determined completely by the caller.
• New Internet Explorer frame windows (also referred to as “pop-up windows”) created by the window.open() method. These new frame windows can either show or not show interface elements (such as a title bar, status bar, address bar, and so on) depending on the sFeatures parameter of the window.open() call.

The Window Restrictions feature also constrains script-initiated movement of the frame window to prevent repositioning or resizing the frame window in such a manner that key elements are outside the visible display area. This affects the following methods:

• moveTo
• moveBy
• resizeTo
• resizeBy

and the following properties:

• Left
• Top
• Width
• Height

The Window Restrictions feature also forces the status bar to be displayed on all windows created by the window.open() method.
Who does this feature apply to?

Web developers should be aware of these new restrictions to plan changes or workarounds for any possible impact to their Web site.

Application developers should review this feature to plan to adopt changes in their applications. This feature is only enabled by default for Internet Explorer processes. Developers must register non-Internet Explorer applications to take advantage of the changes.
What existing functionality is changing in Windows Server 2003 Service Pack 1?

Script positioning of Internet Explorer windows

Detailed description

Script-initiated placement of new Internet Explorer frame windows and script-initiated positioning of existing frame windows are constrained to ensure that key security-related interface components (the title and status bars, and address bar if displayed) remain visible after the operation completes.

• Scripts cannot position windows so that the title bar or address bar are above the visible top of the display.
• Scripts cannot position windows such that the status bar is below the visible bottom of the display.

Why is this change important?

Without this change, existing-window movement using the moveTo and moveBy methods and the Left and Top properties, and new windows that are created by the window.open() method can be called by scripts and used to spoof a user interface or desktop or to hide malicious information or activity by one of the three following methods:

• Positioning the window such that the title bar, status bar, or address bar are off-screen.
• Positioning the window to hide important elements of the user interface from the user.
• Positioning the window so that it is entirely off-screen.

The visible security features of Internet Explorer windows provide information to the user to help the user ascertain the source of the Web page and the security of the communication that uses that page. When these elements are hidden from view, users might think they are on a more trusted page or interacting with a system process when they are actually interfacing with a malicious host. Malicious use of window relocation can present false information to the user, obscure important information, or otherwise “spoof” important elements of the user interface in an attempt to motivate the user to take unsafe actions or to divulge sensitive information.

What works differently?

This change places constraints on script-initiated positioning of existing Internet Explorer frame windows and of new frame windows created using the window.open() method, to ensure that the title bar and status bar in these windows are always visible to the user. Scripts cannot move a window off-screen, although the user can still move a window off-screen. If you maintain a script that creates off-screen windows in Internet Explorer, you need to change your code.

How do I resolve these issues?

If your script creates or moves a window off-screen, you should examine this requirement and alternate ways to accomplish your goal.
Script sizing of Internet Explorer windows

Detailed description

Script-initiated resize operations on Internet Explorer frame windows are constrained to ensure that the title bar and status bar remain visible after the operation completes.

• Scripts cannot resize existing frame windows or create new frame windows in such a manner that the title bar, address bar, or status bar cannot be seen.
• When creating a window, the definition of the fullscreen=yes specification is changed to mean “show the window as maximized,” which will keep the title bar, address bar, and status bar visible.

Why is this change important?

Without this change, existing Internet Explorer frame windows can be resized or new frame windows can be created using the window.open() method and used to spoof a user interface or desktop or to hide malicious information or activity by sizing the window so that the status bar is not visible.

Internet Explorer windows provide visible security information to the user to help them ascertain the source of the Web page and the security of the communication with that page. When these elements are not in view, the user might think they are on a more trusted page or interacting with a system process when they are actually interacting with a malicious host. Malicious uses of window sizing can obscure important security-related information, and otherwise spoof important elements of the user interface in an attempt to motivate the user to take unsafe actions or to divulge sensitive information.

What works differently?

With this change, there are constraints on script-initiated resizing operations on existing Internet Explorer frame windows and on the size of the new frame windows created using the window.open() method, to ensure that the title bar and status bar of these windows are always visible to the user. The result is that a script cannot open a window in kiosk mode, a mode that does not display the title bar, address bar, and status bar, which present important security information to the user.

The user can choose to display a window in kiosk mode. This election is still persistent.

How do I resolve these issues?

Script-initiated windows will be displayed fully, with the Internet Explorer title bar and status bar. The user or the site administrator can manually change this state.
Script management of Internet Explorer status bar

Detailed description

Internet Explorer has been modified to always display the status bar in Internet Explorer frame windows created using the window.open() method.

Why is this change important?

Without this change, windows that are created using the window.open() method can be called by scripts and spoof a user interface or desktop or hide malicious information or activity by hiding important elements of the user interface from the user.

The status bar is a security feature of Internet Explorer windows that provides Internet Explorer security zone information to the user. This zone cannot be spoofed, and lets the user know exactly what security zone the displayed content is in. When the status bar is hidden from view, the user might think they are on a more trusted page when they are actually interacting with a malicious host.

What works differently?

On all windows created by the window.open() method, the status bar will be displayed so that the security zone is visible to the user. The ‘status=no’ or ‘status=0’ specifications in the sFeatures parameter of the window.open() method are ignored.

Application impact depends on the operation carried out on the window as follows:

• window.open() method calls will not need to be modified, because the optional width and height values passed in the sFeatures parameter specify the size of the content area of the windows and do not include the title bar, status bar, and other window attributes.
• resizeTo() method calls might need to be modified because the size parameters of the resizeTo() method are for the entire Internet Explorer frame window. Applications that have been creating new frame windows with no status bar using the window.open() method and subsequently resizing them using the resizeTo() method will need to be modified to account for the fact that the windows now have a status bar.
Internet Explorer HTML pop-up window placement

Detailed description

HTML pop-up windows are now constrained so that they:

• Do not extend above the top or below the bottom of the content window from which they are created. The “content window” is the top-level DOM window object for the page; visually it is the area where the HTML content is displayed, and extends from the bottom of the lowest displayed interface component at the top of the Internet Explorer frame window (the title bar, menu, tool bar, or address bar) to the top of the status bar.
• Are not taller in height than the content window.
• Overlap the content window horizontally.
• Appear immediately above the content window, so that other windows (such as a dialog box) cannot be hidden.
• Are automatically repositioned to satisfy the constraints above if the content window moves.

Why is this change important?

Pop-up windows are created by the window.createPopup() method and are also called chromeless windows because they do not have the border “chrome” components, such as the address bar, title bar, status bar, and toolbars. Without the constraints previously described, these windows:

• Can be opened on top of a dialog box and obscure or replace important elements.
• Can be used to overlay the address bar with a different address.
• Can simulate a full-screen Windows desktop with a password dialog box.

Unrestricted chromeless windows can deceive the user in several ways:

• A chromeless pop-up window that is opened on top of a dialog box can obscure or replace important elements of the dialog box, such as warning text and selection or action controls. (These include check boxes, option buttons, and so on.) This might lead the user to a response that might be inappropriate or harmful.
• A chromeless pop-up window can overlay the address bar with an address that is different from the actual address of the page, which gives the user a false sense of security. In the same way, it can overlay the status notification area, so it might indicate that Internet Explorer is displaying a secure Web page (which displays a URL beginning with https://). Because of this, the user might think that security is in effect for the page when no such security exists.
• A chromeless pop-up can use the entire display. With this method, a malicious user can simulate a full-screen Windows desktop with a password dialog box, with a malicious script that captures the user’s private authentication information.

What works differently?

HTML pop-up windows are constrained horizontally, vertically, and in order of placement on top of other windows.

• An HTML pop-up window must appear between the top and bottom of its parent window’s chrome, so it does not overlap the Internet Explorer address bar, title bar, status bar, or toolbars.
• Horizontally, an HTML pop-up window must always overlap some area of its parent window.
• An HTML pop-up window must stay immediately on top of its parent, so it cannot be placed over other windows.

These constraints might affect the appearance of an HTML pop-up window if it has been designed to display in an area that is larger or separate from its parent window. The HTML pop-up windows might be repositioned and might also be truncated, which might obscure some of the information displayed in that window.

How do I resolve these issues?

Redesign the HTML pop-up window to fit into the constraints of this mitigation.
What settings are added or changed in Windows Server 2003 Service Pack 1?

There is only one setting for this feature. This setting either enables the Window Restrictions or does not enable them. For application compatibility, this feature is not enabled by default for non-Internet Explorer processes.

Internet Explorer Window Restrictions Settings

Setting name: IExplore.exe, Explorer.exe, Msimn.exe, WMPlayer.exe (one value per process name)
Location: HKEY_LOCAL_MACHINE (or Current User)\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
Previous default value: Not applicable
Default value: 1
Possible values: 0 – Off, 1 – On
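As an added example (not part of the Microsoft document or of this forum post), the following PowerShell audits which process names are opted in to the FEATURE_WINDOW_RESTRICTIONS key described above, in both the machine and the current-user hive, and can register a non-Internet Explorer host application the way the document says developers must. The process name MyBrowserHost.exe is a hypothetical placeholder; writing to HKLM requires an elevated session.

```powershell
# Added example: audit and opt-in for the Window Restrictions feature control.
# Key path is taken from the settings table above (relative to HKLM or HKCU).
$subKey = 'Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS'

function Get-WindowRestrictionOptIns {
    # Returns one record per registered process name in each hive.
    # Each value is a DWORD: 1 = On, 0 = Off (see "Possible values" above).
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$subKey"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the unnamed (Default) value
            [pscustomobject]@{
                Hive    = $hive
                Process = $name
                Enabled = ([int]$key.GetValue($name) -eq 1)
            }
        }
    }
}

function Enable-WindowRestrictions {
    # Registers a host executable so the mitigation applies to the
    # WebBrowser control it hosts (off by default for non-IE processes).
    param(
        [Parameter(Mandatory)] [string] $ProcessName,
        [ValidateSet('HKLM', 'HKCU')] [string] $Hive = 'HKCU'
    )
    $path = "${Hive}:\$subKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $ProcessName -PropertyType DWord -Value 1 -Force | Out-Null
}

# Report the current opt-in state; the four defaults from the table should show Enabled = True.
Get-WindowRestrictionOptIns | Format-Table -AutoSize

# Hypothetical host application (placeholder name), opted in for the current user only:
# Enable-WindowRestrictions -ProcessName 'MyBrowserHost.exe'
```

A process name missing from both hives, or present with value 0, means scripts running in that host can still move, size or create windows without the constraints described on this page.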
Do I need to change my code to work with Windows Server 2003 Service Pack 1?

The script will call the same methods for the creation of an Internet Explorer window with chrome (using the window.open() method) or an Internet Explorer chromeless pop-up window (using the window.createPopup() method). However, the design might need to be reviewed to ensure that pop-up windows are appropriately visible to the user and that the status bar contains accurate information.
