MSXML Parser version 5 not marked as safe in IE7

The XMLHttpRequest object is native in IE7 and is prefered to use but if your code is creating the ActiveX version of the XHR-object then make sure you do not initiliaze version 5.0 as it is not marked as safe in IE7. All previous versions are marked as safe and the user is not prompted with the security bar to allow the object.

Example that will bring up the security bar:

 var oXML, XMLParserList = new Array ( "Microsoft.XMLHTTP", "MSXML2.XMLHTTP", "MSXML2.XMLHTTP.3.0", "MSXML2.XMLHTTP.4.0", "MSXML2.XMLHTTP.5.0" );
 for ( var i = XMLParserList.length; i>0;i--) {
  try {
   // Test for MSXML obj
   alert( XMLParserList[i-1] );
   oXML = new ActiveXObject( XMLParserList[i-1] );
   break;
  }
  catch(e) {}
 }

So remove version 5.0 from the array if you use a similar solution.

I have used the code above to find out what the newest version of XML Parser is installed on the client. I am not sure how important this is on the client but the newer versions of XML Parser have performance improvements.

Technorati: XMLHttpRequest, Ajax, IE7

Related Posts

• 21 Sep 2010 » XSS vulnerability on twitter.com
• 03 Sep 2010 » Rails photo gallery Balder on Heroku and S3
• 13 Jul 2010 » Why Rule.fm sucks