I'm currently designing a website, and decided to use external
javascript files as a basic templating system - basically by putting
code sections common to multiple pages in javascript files, so that
when making changes I only have to update one file rather than many.
However when I load the html file in my browser (IE 6.0) it doesn't
include the content enclosed in the javascript file and a message
flashes up to say some content has been supressed as it could be
harmful/access my computer (something like that). While I could click
and opt to allow the content to appear, I can't rely on visitors to my
site doing the same. The content of the Javascript file was totally
harmless - basically just a load of document.write commands - so I
assume it was the calling of the .js file itself that my browser
objected to. As I'm sure my browser security options are set to the
default, do most computers/browsers restrict such content now? Is it
just javascript scripts that are resricted in this way or are other
scripting languages affected too?

Thanks

Nakmeister

---

Clarification of Question by nakmeister-ga on 02 Jul 2005 02:51 PDT

Thanks, all of the comments have been really helpful. If I run it from
my webserver it runs fine.

Thanks

Nakmeister

The only sure way to organise your site without subjecting vistors to
the anxiety of browser warnings is to include no controversial
features in your site.   That means no Javascript, Java, ActiveX,
Flash plugins etc.  Assuming you take that route you then have to plan
how to organise the common parts of your site using only server-side
technology (which could include CGI scripts that execute when a page
is viewed, scripts to generate content using certain templates, and
stylesheets which I don't know much about).  This is also useful for
compatibility with whatever browser your visitor has chosen.

The other main option is to convince your visitors to accept the kind
of client-side stuff you are offering - which may be satsifactory on
your site but I regard it as a bad example and exposing them to risk
if they visit arbitrary other sites with the same browser settings. 
There are abundant examples of allowing client-side code being harmful
to browsers and the techniques such as signing code and classifying
sites into more and less trusted groups do not seem like a reliable
way to deal with it.

As Bozo99 said, use server-side technology. A good way to accomplish
what you're doing is writing a MySQL database (populated with your
common-texts as data fields) and use PHP language to access the
database on your actual page. A crash-course in MySQL and PHP to
accomplish the basic funtions you need would not be that intense.
Check out PHPO/MySQL for Dummies (seriously! it rocks!) for the basic
ideas.

-melt

Did this happen when you were previewing the web site on your local
PC? I just noticed the other day that the same thing happened to me.
However, it does not do this to me when it is loaded on my actual
domain name. The reason is probably because Javascript language is
used by Windows Scripting Host.

When Javascript runs on a web site, it has restricted permissions. It
cannot do anything destructive. However, when Javascript is run on the
local PC, it has rights to do pretty much anything, hence the warning.

Sometimes IE blocks content originating from your computer. Try
putting it onto the internet to check if it works then.

you are probably using a file based local URL.(example
C:\XXX\FOLDER\photosample.html

Try running your page from a webserver so that the path is served via
http (http://localhost/photosample.htm)