Internet Explorer Window Restrictions


Post #2209 by Webmaster (Keymaster)

      Applies To: Windows Server 2003 with SP1
      Note
      The Microsoft Windows Server 2003 Internet Explorer Enhanced Security Configuration component (also known as
      Microsoft Internet Explorer hardening) reduces a server's vulnerability to attacks from Web content by applying more
      restrictive Internet Explorer security settings that disable scripts, ActiveX components, and file downloads for resources in the
      Internet security zone. As a result, many of the security enhancements included in the latest release of Internet Explorer will
      not be as noticeable in Windows Server 2003 Service Pack 1. For example, the new Internet Explorer Information Bar and
      Pop-up Blocker features will not be used unless the site is in a zone whose security setting allows scripting. If you are not
      using the enhanced security configuration on your server, these features will function as they do in Windows XP Service
      Pack 2.
      What does Window Restrictions do?
      Internet Explorer provides the capability for scripts to programmatically open additional windows of various types, and to
      resize and reposition existing windows. The Window Restrictions security feature, formerly called UI Spoofing Mitigation,
      restricts two types of script-initiated windows that have been used by malicious persons to deceive users:
      HTML pop-up windows created by the window.createPopup() method; the appearance of these HTML pop-ups is
      determined completely by the caller.
      New Internet Explorer frame windows (also referred to as "pop-up windows") created by the window.open() method.
      These new frame windows can either show or not show interface elements (such as a title bar, status bar, address bar,
      and so on) depending on the sFeatures parameter of the window.open() call.
      The Window Restrictions feature also constrains script-initiated movement of the frame window to prevent repositioning or
      resizing the frame window in such a manner that key elements are outside the visible display area. This affects the following
      methods:
      moveTo
      moveBy
      resizeTo
      resizeBy
      and the following properties:
      Left
      Top
      Width
      Height
      The Window Restrictions feature also forces the status bar to be displayed on all windows created by the window.open()
      method.
      Who does this feature apply to?
      Web developers should be aware of these new restrictions to plan changes or workarounds for any possible impact to their
      Web site.
      Application developers should review this feature to plan to adopt changes in their applications. This feature is only enabled by
      default for Internet Explorer processes. Developers must register non-Internet Explorer applications to take advantage of the
      changes.
      What existing functionality is changing in Windows Server 2003 Service Pack 1?
      Script positioning of Internet Explorer windows
      Detailed description
      Script-initiated placement of new Internet Explorer frame windows and script-initiated positioning of existing frame windows
      are constrained to ensure that key security-related interface components (the title and status bars, and address bar if
      displayed) remain visible after the operation completes.
      Scripts cannot position windows so that the title bar or address bar are above the visible top of the display.
      Scripts cannot position windows such that the status bar is below the visible bottom of the display.
      Why is this change important?
      Without this change, existing-window movement using the moveTo and moveBy methods and the Left and Top properties, and
      new windows that are created by the window.open() method can be called by scripts and used to spoof a user interface or
      desktop or to hide malicious information or activity by one of the three following methods:
      Positioning the window such that the title bar, status bar, or address bar are off-screen.
      Positioning the window to hide important elements of the user interface from the user.
      Positioning the window so that it is entirely off-screen.
      The visible security features of Internet Explorer windows provide information to the user to help the user ascertain the source
      of the Web page and the security of the communication that uses that page. When these elements are hidden from view, users
      might think they are on a more trusted page or interacting with a system process when they are actually interfacing with a
      malicious host. Malicious use of window relocation can present false information to the user, obscure important information,
      or otherwise "spoof" important elements of the user interface in an attempt to motivate the user to take unsafe actions or to
      divulge sensitive information.
      What works differently?
      This change places constraints on script-initiated positioning of existing Internet Explorer frame windows and of new frame
      windows created using the window.open() method, to ensure that the title bar and status bar in these windows are always
      visible to the user. Scripts cannot move a window off-screen, although the user can still move a window off-screen. If you
      maintain a script that creates off-screen windows in Internet Explorer, you need to change your code.
      How do I resolve these issues?
      If your script creates or moves a window off-screen, you should examine this requirement and alternate ways to accomplish
      your goal.
      Script sizing of Internet Explorer windows
      Detailed description
      Script-initiated resize operations on Internet Explorer frame windows are constrained to ensure that the title bar and status bar
      remain visible after the operation completes.
      Scripts cannot resize existing frame windows or create new frame windows in such a manner that the title bar, address bar, or
      status bar cannot be seen.
      When creating a window, the definition of the fullscreen=yes specification is changed to mean "show the window as
      maximized," which will keep the title bar, address bar, and status bar visible.
      Why is this change important?
      Without this change, existing Internet Explorer frame windows can be resized or new frame windows can be created using the
      window.open() method and used to spoof a user interface or desktop or to hide malicious information or activity by sizing the
      window so that the status bar is not visible.
      Internet Explorer windows provide visible security information to the user to help them ascertain the source of the Web page
      and the security of the communication with that page. When these elements are not in view, the user might think they are on a
      more trusted page or interacting with a system process when they are actually interacting with a malicious host. Malicious uses
      of window sizing can obscure important security-related information, and otherwise spoof important elements of the user
      interface in an attempt to motivate the user to take unsafe actions or to divulge sensitive information.
      What works differently?
      With this change, there are constraints on script-initiated resizing operations on existing Internet Explorer frame windows and
      on the size of the new frame windows created using the window.open() method, to ensure that the title bar and status bar of
      these windows are always visible to the user. The result is that a script cannot open a window in kiosk mode, a mode that does
      not display the title bar, address bar, and status bar, which present important security information to the user.
      The user can choose to display a window in kiosk mode. This election is still persistent.
      How do I resolve these issues?
      Script-initiated windows will be displayed fully, with the Internet Explorer title bar and status bar. The user or the site
      administrator can manually change this state.
      Script management of Internet Explorer status bar
      Detailed description
      Internet Explorer has been modified to always display the status bar in Internet Explorer frame windows created using the
      window.open() method.
      Why is this change important?
      Without this change, windows that are created using the window.open() method can be called by scripts and spoof a user
      interface or desktop or hide malicious information or activity by hiding important elements of the user interface from the user.
      The status bar is a security feature of Internet Explorer windows that provides Internet Explorer security zone information to
      the user. This zone cannot be spoofed, and lets the user know exactly what security zone the displayed content is in. When the
      status bar is hidden from view, the user might think they are on a more trusted page when they are actually interacting with a
      malicious host.
      What works differently?
      On all windows created by the window.open() method, the status bar will be displayed so that the security zone is visible to the
      user. The 'status=no' or 'status=0' specifications in the sFeatures parameter of the window.open() method are ignored.
      Application impact depends on the operation carried out on the window as follows:
      window.open() method calls will not need to be modified, because the optional width and height values passed in the
      sFeatures parameter specify the size of the content area of the windows and do not include the title bar, status bar, and
      other window attributes.
      resizeTo() method calls might need to be modified because the size parameters of the resizeTo() method are for the
      entire Internet Explorer frame window. Applications that have been creating new frame windows with no status bar using
      the window.open() method and subsequently resizing them using the resizeTo() method will need to be modified to
      account for the fact that the windows now have a status bar.
      Internet Explorer HTML pop-up window placement
      Detailed description
      HTML pop-up windows are now constrained so that they:
      Do not extend above the top or below the bottom of the content window from which they are created. The "content
      window" is the top-level DOM window object for the page; visually it is the area where the HTML content is displayed,
      and extends from the bottom of the lowest displayed interface component at the top of the Internet Explorer frame
      window (the title bar, menu, tool bar, or address bar) to the top of the status bar.
      Are not taller in height than the content window.
      Overlap the content window horizontally.
      Appear immediately above the content window, so that other windows (such as a dialog box) cannot be hidden.
      Are automatically repositioned to satisfy the constraints above if the content window moves.
      Why is this change important?
      Pop-up windows are created by the window.createPopup() method and are also called chromeless windows because they do
      not have the border "chrome" components, such as the address bar, title bar, status bar, and toolbars. Without the constraints
      previously described, these windows:
      Can be opened on top of a dialog box and obscure or replace important elements.
      Can be used to overlay the address bar with a different address.
      Can simulate a full-screen Windows desktop with a password dialog box.
      Unrestricted chromeless windows can deceive the user in several ways:
      A chromeless pop-up window that is opened on top of a dialog box can obscure or replace important elements of the
      dialog box, such as warning text and selection or action controls. (These include check boxes, option buttons, and so on.)
      This might lead the user to a response that might be inappropriate or harmful.
      A chromeless pop-up window can overlay the address bar with an address that is different from the actual address of the
      page, which gives the user a false sense of security. In the same way, it can overlay the status notification area, so it might
      indicate that Internet Explorer is displaying a secure Web page (which displays a URL beginning with https://). Because of
      this, the user might think that security is in effect for the page when no such security exists.
      A chromeless pop-up can use the entire display. With this method, a malicious user can simulate a full-screen Windows
      desktop with a password dialog box, with a malicious script that captures the user's private authentication information.
      What works differently?
      HTML pop-up windows are constrained horizontally, vertically, and in order of placement on top of other windows.
      An HTML pop-up window must appear between the top and bottom of its parent window's chrome, so it does not overlap the
      Internet Explorer address bar, title bar, status bar, or toolbars.
      Horizontally, an HTML pop-up window must always overlap some area of its parent window.
      An HTML pop-up window must stay immediately on top of its parent, so it cannot be placed over other windows.
      These constraints might affect the appearance of an HTML pop-up window if it has been designed to display in an area that is
      larger or separate from its parent window. The HTML pop-up windows might be repositioned and might also be truncated,
      which might obscure some of the information displayed in that window.
      How do I resolve these issues?
      Redesign the HTML pop-up window to fit into the constraints of this mitigation.
      What settings are added or changed in Windows Server 2003 Service Pack 1?
      There is only one setting for this feature. This setting either enables the Window Restrictions or does not enable them. For
      application compatibility, this feature is not enabled by default for non-Internet Explorer processes.
      Internet Explorer Window Restrictions Settings
      Setting names: IExplore.exe, Explorer.exe, Msimn.exe, WMPlayer.exe
      Location: HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
      Previous default value: Not applicable
      Default value: 1
      Possible values: 0 – Off, 1 – On
      Do I need to change my code to work with Windows Server 2003 Service Pack 1?
      The script will call the same methods for the creation of an Internet Explorer window with chrome (using the window.open()
      method) or an Internet Explorer chromeless pop-up window (using the window.createPopup() method). However, the design
      might need to be reviewed to ensure that pop-up windows are appropriately visible to the user and that the status bar contains
      accurate information.
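The following is an added example, not code from the post above or from Microsoft. It models the geometry rules the post describes (title bar never above the display, status bar never below it, status=no ignored, fullscreen=yes treated as maximized, HTML pop-ups confined to their content window) as plain functions, so a developer can see what a moveTo(), resizeTo(), window.open() or createPopup() call with hostile parameters would be clamped to. The display size, chrome bar heights, MIN_VISIBLE overlap and the function names are assumptions for illustration; they are not values Internet Explorer exposes.

```javascript
// Added example (not from the forum post or Microsoft): a model of what Internet Explorer
// Window Restrictions (FEATURE_WINDOW_RESTRICTIONS) do to script-requested window geometry.
// Display size, chrome bar heights and MIN_VISIBLE are assumed values for illustration.

const SCREEN = { left: 0, top: 0, width: 1024, height: 768 };   // constructed sample display
const CHROME = { titleBar: 30, addressBar: 28, statusBar: 22 };  // assumed bar heights (px)
const MIN_VISIBLE = 32; // assumption: at least this many px of a window stay visible horizontally

// Parse a window.open() sFeatures string such as "width=400,height=300,status=no".
function parseFeatures(sFeatures) {
  const features = {};
  for (const part of String(sFeatures || '').split(',')) {
    const [key, value] = part.split('=').map((s) => s.trim().toLowerCase());
    if (key) features[key] = value === undefined ? 'yes' : value;
  }
  return features;
}

// Effect of the restrictions on requested features: status=no / status=0 is ignored (the status
// bar is always shown) and fullscreen=yes is reinterpreted as "open maximized" with all bars visible.
function restrictOpenFeatures(sFeatures) {
  const requested = parseFeatures(sFeatures);
  const restricted = { ...requested, status: 'yes' };
  if (requested.fullscreen === 'yes' || requested.fullscreen === '1') {
    restricted.fullscreen = 'no';
    restricted.maximized = 'yes';
  }
  return restricted;
}

// Clamp a frame window rectangle (the target of moveTo/moveBy/resizeTo/resizeBy or of the
// Left/Top/Width/Height properties) so the title bar never rises above the top of the display,
// the status bar never drops below its bottom, and the window is never entirely off-screen.
function clampFrameWindow(rect, screen = SCREEN) {
  const minHeight = CHROME.titleBar + CHROME.addressBar + CHROME.statusBar;
  const height = Math.max(minHeight, Math.min(rect.height, screen.height));
  const top = Math.max(screen.top, Math.min(rect.top, screen.top + screen.height - height));
  const width = Math.max(MIN_VISIBLE, rect.width);
  const minLeft = screen.left + MIN_VISIBLE - width;         // MIN_VISIBLE px remain at the left edge
  const maxLeft = screen.left + screen.width - MIN_VISIBLE;  // MIN_VISIBLE px remain at the right edge
  const left = Math.max(minLeft, Math.min(rect.left, maxLeft));
  return { left, top, width, height };
}

// The content window of a frame: below the title and address bars, above the status bar.
function contentWindowOf(frame) {
  const barsAbove = CHROME.titleBar + CHROME.addressBar;
  return {
    left: frame.left,
    top: frame.top + barsAbove,
    width: frame.width,
    height: frame.height - barsAbove - CHROME.statusBar,
  };
}

// Clamp an HTML pop-up (window.createPopup) to the content window that created it: no taller
// than the content area, never above its top or below its bottom, always overlapping it
// horizontally, and placed immediately above its parent only (never over other windows).
function clampPopup(rect, content) {
  const height = Math.min(rect.height, content.height);
  const top = Math.max(content.top, Math.min(rect.top, content.top + content.height - height));
  const width = Math.max(MIN_VISIBLE, rect.width);
  const minLeft = content.left + MIN_VISIBLE - width;
  const maxLeft = content.left + content.width - MIN_VISIBLE;
  const left = Math.max(minLeft, Math.min(rect.left, maxLeft));
  return { left, top, width, height, zOrder: 'immediately above parent' };
}

// resizeTo() sizes the whole frame, while width/height in sFeatures size only the content area.
// A script that computed a resizeTo() height for a status-bar-less window now loses
// CHROME.statusBar px of content; this is the outer height that keeps the content fully visible.
function outerHeightForContent(contentHeight) {
  return contentHeight + CHROME.titleBar + CHROME.addressBar + CHROME.statusBar;
}

// Run the spoofing attempts the text describes against a maximized frame on the sample display.
function demo() {
  const frame = clampFrameWindow({ left: 0, top: 0, width: SCREEN.width, height: SCREEN.height });
  const content = contentWindowOf(frame);
  return {
    chromelessOpen: restrictOpenFeatures('width=400,height=300,status=no,fullscreen=yes'),
    titleBarPushedOffTop: clampFrameWindow({ left: 100, top: -200, width: 400, height: 300 }),
    windowDraggedOffLeft: clampFrameWindow({ left: -2000, top: 100, width: 400, height: 300 }),
    fakeDesktopPopup: clampPopup({ left: 0, top: 0, width: SCREEN.width, height: SCREEN.height }, content),
    resizeToForContent300: outerHeightForContent(300),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The fakeDesktopPopup result is the interesting one: a createPopup() sized to the whole display ends up starting below the address bar and ending above the status bar, so the "full-screen desktop with a password dialog" trick from the text cannot cover the bars that identify the page and its zone. The resizeToForContent300 value shows why older resizeTo() code that assumed no status bar now clips its content by CHROME.statusBar pixels.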
