I’m developing a JavaScript application that’s meant to be run either from a web server (over http) or from the file system (on a file:// URL).
As part of this code, I need to use XMLHttpRequest to load files in the same directory as the page and in subdirectories of the page.
This code works fine (“PASS”) when executed on a web server, but doesn’t work (“FAIL”) in Internet Explorer 8 when run off the file system:
<html><head>
<script>
window.onload = function() {
var xhr = new XMLHttpRequest();
xhr.open("GET", window.location.href, false);
xhr.send(null);
if (/TestString/.test(xhr.responseText)) {
document.body.innerHTML="<p>PASS</p>";
}
}
</script>
<body><p>FAIL</p></body>
Of course, at first it fails because no scripts can run at all on the file system; the user is prompted a yellow bar, warning that “To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer.”
But even once I click on the bar and “Allow Blocked Content” the page still fails; I get an “Access is Denied” error on the xhr.open call.
This puzzles me, because MSDN says that “For development purposes, the file:// protocol is allowed from the Local Machine zone.” This local file should be part of the Local Machine Zone, right?
How can I get code like this to work? I’m fine with prompting the user with security warnings; I’m not OK with forcing them to turn off security in the control panel.
EDIT: I am not, in fact, loading an XML document in my case; I’m loading a plain text file (.txt).
Hmm, could it be the difference between the native XMLHttpRequest object and the ActiveX one? I seem to remember something about that. That is, instead of
try
Obviously, put some checks in place to see if the browser supports ActiveX. Of course, this is limited to IE only, as well.