Flash Forms and the Microsoft Eolas Fix

All, In case you didn't know Microsoft will be making a change to IE6 with their April 11 security patch (sorry if this is old news).   This came to my attention today when they made web developers here install the change and test our pages.   EVERYTHING USING FLASH FORMS BROKE!!  Well not exactly broke, you have to click on the flash form before it will do anything.  If you have a page that has nothing except a flash form that originally used remoting to show data, it won't do it until the user clicks on it.  Not likely if the user only sees a white page. Also, if you have a small flash form as part of a page with other stuff the following won't work until you click on the flash form: onactivate   ondragleave   onmouseout   onbeforeactivate   ondragover   onmouseover   onbeforecopy   ondragstart   onmouseup   onbeforecut   ondrop   onmousewheel   onbeforedeactivate   onfocus   onmove   onbeforepaste   onfocusin   onmoveend   onblur   onfocusout   onmovestart   onclick   onhelp   onpage   oncontextmenu   onkeydown   onpaste   oncontrolselect   onkeypress   onresize   oncopy   onkeyup   onresizeend   oncut   onlosecapture   onresizestart   ondblclick   onmousedown   onscroll   ondeactivate   onmouseenter   onselectstart   ondragend   onmouseleave       ondragenter   onmousemove       The fix from microsoft says to generate the embed, object, etc tags through an imported js or jscript file, but I don't generate these, CFMX7 does when I use cfform. Does anyone know how I can restore the functionality?  Our users will cause a big stink over this if we can't find a fix. Thanks, Steve

One reason more to use an other browser then IE. All, In case you didn't know Microsoft will be making a change to IE6 with their April 11 security patch (sorry if this is old news).   This came to my attention today when they made web developers here install the change and test our pages.   EVERYTHING USING FLASH FORMS BROKE!!  Well not exactly broke, you have to click on the flash form before it will do anything.  If you have a page that has nothing except a flash form that originally used remoting to show data, it won't do it until the user clicks on it.  Not likely if the user only sees a white page. Also, if you have a small flash form as part of a page with other stuff the following won't work until you click on the flash form: onactivate   ondragleave   onmouseout   onbeforeactivate   ondragover   onmouseover   onbeforecopy   ondragstart   onmouseup   onbeforecut   ondrop   onmousewheel   onbeforedeactivate   onfocus   onmove   onbeforepaste   onfocusin   onmoveend   onblur   onfocusout   onmovestart   onclick   onhelp   onpage   oncontextmenu   onkeydown   onpaste   oncontrolselect   onkeypress   onresize   oncopy   onkeyup   onresizeend   oncut   onlosecapture   onresizestart   ondblclick   onmousedown   onscroll   ondeactivate   onmouseenter   onselectstart   ondragend   onmouseleave       ondragenter   onmousemove       The fix from microsoft says to generate the embed, object, etc tags through an imported js or jscript file, but I don't generate these, CFMX7 does when I use cfform. Does anyone know how I can restore the functionality?  Our users will cause a big stink over this if we can't find a fix. Thanks, Steve

But that's no going to happen. It's all well and good for us developers to use alternate browsers, but until the overwhelming majority of users switch to something other than IE, that's what we use. <!----------------//------ andy matthews web developer ICGLink, Inc. andy@icglink.com 615.370.1530 x737 --------------//---------> One reason more to use an other browser then IE. All, In case you didn't know Microsoft will be making a change to IE6 with their April 11 security patch (sorry if this is old news). This came to my attention today when they made web developers here install the change and test our pages. EVERYTHING USING FLASH FORMS BROKE!!  Well not exactly broke, you have to click on the flash form before it will do anything.  If you have a page that has nothing except a flash form that originally used remoting to show data, it won't do it until the user clicks on it.  Not likely if the user only sees a white page. Also, if you have a small flash form as part of a page with other stuff the following won't work until you click on the flash form: onactivate   ondragleave   onmouseout onbeforeactivate   ondragover   onmouseover onbeforecopy   ondragstart   onmouseup onbeforecut   ondrop   onmousewheel onbeforedeactivate   onfocus   onmove onbeforepaste   onfocusin   onmoveend onblur   onfocusout   onmovestart onclick   onhelp   onpage oncontextmenu   onkeydown   onpaste oncontrolselect   onkeypress   onresize oncopy   onkeyup   onresizeend oncut   onlosecapture   onresizestart ondblclick   onmousedown   onscroll ondeactivate   onmouseenter   onselectstart ondragend   onmouseleave ondragenter   onmousemove The fix from microsoft says to generate the embed, object, etc tags through an imported js or jscript file, but I don't generate these, CFMX7 does when I use cfform. Does anyone know how I can restore the functionality?  Our users will cause a big stink over this if we can't find a fix. Thanks, Steve

> One reason more to use an other browser then IE. Yep...sure go tell the general public (i.e. the users) to switch browsers...good luck with that one. IE has won the browser war because Windows is shipped with most new computers and most users couldn't swicth browsers if they tried (which they don't very often).....get over it. Sure...we are all in the industry and know what is and is not a good tool.  The rest of the internet users do not have a clue and think the big blue E is the Internet. OK...rant's over Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: bryan@electricedgesystems.com web: www.electricedgesystems.com

Actually MOST users think that the big AOL is the internet. :) <!----------------//------ andy matthews web developer ICGLink, Inc. andy@icglink.com 615.370.1530 x737 --------------//---------> Sure...we are all in the industry and know what is and is not a good tool. The rest of the internet users do not have a clue and think the big blue E is the Internet.

>>One reason more to use an other browser then IE. One more reason not to use Flash Forms. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

That's weak at best. If there's a suitable fix, than I don't think it's fair to take a shot at Flash forms. They're good at what they were intended for and if they don't suit your needs, than learn Flex. !k >>One reason more to use an other browser then IE. One more reason not to use Flash Forms. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

>>They're good at what they were intended for and if they don't suit your needs, than learn Flex. As an Internet user, I hate sites using Flash forms, and as a developper, I'm perfectly happy with plain HTML, CSS and Javascript. I also keep in mind that any technology which is not Microsoft is a potential problem with IE, ie Java (client side), Flash, Flex, you name it... You can hate IE, you can hate Microsoft, but you'll also have to hate more than 80% of your customers, and  as a developer, it is not an ideal situation. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> You can hate IE, you can hate Microsoft, but you'll also have to hate > more than 80% of your customers, > and  as a developer, it is not an ideal situation. Amen Claude....sure isn't rocket science is it ;-) Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: bryan@electricedgesystems.com web: www.electricedgesystems.com

Wait a second, who doesn't hate more than 80% of their customers?  :) On 3/29/06, Claude Schneegans > > but you'll also have to hate > more than 80% of your customers, > and  as a developer, it is not an ideal situation. >

>>Wait a second, who doesn't hate more than 80% of their customers? He he, should have say "users" ;-) -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

This is only going to be a problem for people that apply the patch, and we all know almost nobody applies patches.  ;) This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

My company applies security patches religiously. Microsoft is adding the non-security related patch to it's IE security patch, so if you want to be able to plug the latest IE hole that is currently being exploited, you have to accept this also. This is only going to be a problem for people that apply the patch, and we all know almost nobody applies patches.  ;) This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

> Microsoft is adding the non-security related patch to it's IE security > patch, so if you want to be able to plug the latest IE hole that is > currently being exploited, you have to accept this also. It's not like MS haven't published the workaround *years ago*. Macromedia also updated their recommend 'how to embed Flash' code too. -- Tom Chiverton Advanced ColdFusion Programmer

Yeah, I was saying that tongue in cheek (I also apply patches in a timely manner).  Have you looked at Macromedia's support pages to see if they've got a work around?  Like you said, this code is generated on the fly by CF (flash forms), so it's not an easy job to "generate the embed, object, etc tags through an imported js or jscript file".  But you /could/ do it, by viewing the generated source of your flash form, and going from there. I have to say that I've been pretty upset about this Eolas patent and subsequent lawsuit from the beginning, even if I'm not a Microsoft fan and I hate IE. This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

> Microsoft is adding the non-security related patch to it's IE > security patch, so if you want to be able to plug the latest > IE hole that is currently being exploited, you have to accept > this also. I'm pretty sure that this is incorrect. The Eolas patch is separate, and you can choose not to install it while still installing actual security patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Though that might be the case, end-users might do it anyhow. The fix includes writing out the object and embed tags by hand with JS. Why not capture the output with CFSaveContent and than output it wrapped with JS document.write? !k > Microsoft is adding the non-security related patch to it's IE > security patch, so if you want to be able to plug the latest > IE hole that is currently being exploited, you have to accept > this also. I'm pretty sure that this is incorrect. The Eolas patch is separate, and you can choose not to install it while still installing actual security patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

BTW... I'm not completely sure this is even needed. It seems that the outputted script already uses document.write unless they don't have JavaScript enabled... !k Though that might be the case, end-users might do it anyhow. The fix includes writing out the object and embed tags by hand with JS. Why not capture the output with CFSaveContent and than output it wrapped with JS document.write? !k > Microsoft is adding the non-security related patch to it's IE > security patch, so if you want to be able to plug the latest > IE hole that is currently being exploited, you have to accept > this also. I'm pretty sure that this is incorrect. The Eolas patch is separate, and you can choose not to install it while still installing actual security patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Jacob, I have patented the hate for IE.  Please cease and desist hating IE unless you wish to pay a royalty.  That is all. M!ke Yeah, I was saying that tongue in cheek (I also apply patches in a timely manner).  Have you looked at Macromedia's support pages to see if they've got a work around?  Like you said, this code is generated on the fly by CF (flash forms), so it's not an easy job to "generate the embed, object, etc tags through an imported js or jscript file".  But you /could/ do it, by viewing the generated source of your flash form, and going from there. I have to say that I've been pretty upset about this Eolas patent and subsequent lawsuit from the beginning, even if I'm not a Microsoft fan and I hate IE.

Dave, I'm just going by the following which was sent to me: <snip> You're probably getting tired of hearing about this by now, but be advised that Microsoft plans to start including this with its cumulative IE security rollups (despite the fact that it's not security-related) on April 11th.  That means it could start showing up on company desktops shortly.  If you haven't already installed it and tested your ActiveX-using web site with it, now would be a good time to do so. </snip> As far as I know when the send out cumulative rollups its just one file that updates everything. (fyi even though this mentions getting tired of hearing about it I didn't get it until today) Steve > Microsoft is adding the non-security related patch to it's IE > security patch, so if you want to be able to plug the latest > IE hole that is currently being exploited, you have to accept > this also. I'm pretty sure that this is incorrect. The Eolas patch is separate, and you can choose not to install it while still installing actual security patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Well, cfchart is also affected.  You have to click on the chart before you can click on any item that is a link.  Clicking twice to make it all work.  Sometimes it doesn't display the chart until the user clicks the object. So, the don't use flash forms doesn't argument doesn't have as much weight.  From my understanding anything that would use a java applet would be affected. Steve >>One reason more to use an other browser then IE. One more reason not to use Flash Forms. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

This was mentioned shortly ago on the Team Macromedia list. I don't remember exactly what was said offhand, but I believe they are working on a hotfix for CF6.1 and CF7. I know they were doing something specifically for Flex and assume they won't just let the rest of us twist. s. isaac dealey     434.293.6201 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm

Not to be a pain in the butt, but can anyone from MacroDobe (I just had to do it) confirm that.  It would be really nice to be able to stop spinning my wheels on something that will be patched before the Microsoft update. It would be nice if there was something official on the macromedia web site about the issue also.   This was mentioned shortly ago on the Team Macromedia list. I don't remember exactly what was said offhand, but I believe they are working on a hotfix for CF6.1 and CF7. I know they were doing something specifically for Flex and assume they won't just let the rest of us twist.

http://www.macromedia.com/devnet/activecontent/ !k Not to be a pain in the butt, but can anyone from MacroDobe (I just had to do it) confirm that.  It would be really nice to be able to stop spinning my wheels on something that will be patched before the Microsoft update. It would be nice if there was something official on the macromedia web site about the issue also.   This was mentioned shortly ago on the Team Macromedia list. I don't remember exactly what was said offhand, but I believe they are working on a hotfix for CF6.1 and CF7. I know they were doing something specifically for Flex and assume they won't just let the rest of us twist.

Sorry, I've got proof of prior art.  See you in court.  ;) [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

> That's weak at best. If there's a suitable fix, than I don't > think it's fair > to take a shot at Flash forms. They're good at what they were > intended for > and if they don't suit your needs, than learn Flex. If I understand things correctly, this patch will affect all types of flash.  Cfchart, cfform format="flash", flex, etc.  And I think they could eventually go after all plugins if someone doesn't stop them. ------------ This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

Bravo!  Good find.  It looks like they've already got a fix for Flex, and "In the coming weeks, Adobe expects to make available alternate solutions to Microsoft's script-based technique to help make it easier for developers who use active content prepare for the expected changes to Internet Explorer."  Hopefully that will cover CF/flash stuff as well. This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

Ok, so I've got a question for those of you smarter than me about IE. The Microsoft site that discusses this issue states: "Microsoft Internet Explorer users will not be able to directly interact with Microsoft ActiveX controls loaded by the APPLET, EMBED, or OBJECT elements."   If I read that correctly, that means that MS uses ActiveX to handle those three events in a page.  I didn't know that, and frankly I'm surprised their doing it that way, considering they've been shutting down so much ActiveX functionality because of security holes.  Am I confused? This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

> You can hate IE, you can hate Microsoft, but you'll also have to hate > more than 80% of your customers, What's wrong with that?  ;)  I do agree with you though, but it doesn't mean I have to stop hating IE.  One can be an expert on developing for IE (which I'm not), but still not like it.  However, I will say that I've been pretty encouraged by the previews of IE 7 I've seen.  It looks like MS is finally starting to pay attention to the web developers again.  Here's a quote from a recent c|net article: "[Bill] Gates also pledged to bolster the company's development efforts on Internet Explorer, which he said has lagged in recent years. 'In a sense we're doing a mea culpa, saying we waited too long for a browser release,' Gates said. 'I expect us to move very very rapidly there because we see great opportunities.'" http://news.com.com/Gates+looks+to+expand+view+beyond+Windows/2100-1007_ 3-6051400.html ------------------ [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

>>I do agree with you though, but it doesn't mean I have to stop hating IE. Right, but stoping using it is another issue. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> It looks like MS is finally starting to pay attention to the web > developers again.  Here's a quote from a recent c|net article: > "[Bill] Gates also pledged to bolster the company's development > efforts on Internet Explorer, which he said has lagged in recent > years. 'In a sense we're doing a mea culpa, saying we waited too > long for a browser release,' Gates said. 'I expect us to move > very very rapidly there because we see great opportunities.'" Call me paranoid (AND off-topic), but that sounds more like "Let's see how FireFox does hitting a fast moving target". Time and again, MS has shown that they might not be the fastest on the uptake (IE 6 was released on August 27th, 2001, if my googling serves), but once they do get moving they can apply a whole lot of developer hours to a given problem. As for the Active-X thing (can't be bothered making two posts) - it's also currently at the heart of xmlHttpRequest. /t

I think one of MS's biggest faults with IE is the lack of an easy way to run multiple versions of IE on the one computer. I, too, hate using Flash forms.  As an internet user, myself, I prefer the speed and simplicity of a well-designed HTML form.  Throw some AJAX in there and I'm elated. M!ke

>>Throw some AJAX in there and I'm elated. Exact, I forgot this one in the list. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> I read that correctly, that means that MS uses ActiveX to > handle those three events in a page.  I didn't know that, and > frankly I'm surprised their doing it that way, considering > they've been shutting down so much ActiveX functionality > because of security holes.  Am I confused? ActiveX is the standard way to run programs within IE. Flash, Java, or any other sort of "plug-in" functionality is provided through ActiveX. ActiveX is really just another name for the Component Object Model (COM), which is what Windows programs generally use to talk to each other. The security problems introduced by ActiveX revolve around two things - users' propensity to install any ActiveX control when prompted, and the fact that ActiveX applications run within the same security context as the program that calls them. Since that's the browser, and most people log into their desktops with accounts within the Administrators group, ActiveX programs run within that security context as well. With known ActiveX programs like Flash, the security problems tend to be less significant; although these ActiveX controls also run within the user's security context, the controls themselves tend to be a little more trustworthy and safe about how they handle the code that they themselves run. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

>>ActiveX is the standard way to run programs within IE. Depends what you call "standard". As far as Internet protocols and HTTP are concerned, ActiveX does not exist. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> > ActiveX is the standard way to run programs within IE. > > Depends what you call "standard". As far as Internet > protocols and HTTP are concerned, ActiveX does not exist. That is an utterly irrelevant statement. While ActiveX has as much to do with HTTP as it does with the price of tea in China, it is no less a standard than, say, the Mozilla plug-in architecture. And of course, COM has been the standard for Windows program interoperability for many, many years. You know, Windows, that commonly used desktop OS? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

>>While ActiveX has as much to do with HTTP as it does with the price of tea in China, it is no less a standard than, say, the Mozilla plug-in architecture. I completely agree with you about both of them. >>And of course, COM has been the standard for Windows program interoperability for many, many years. You know, Windows, that commonly used desktop OS? Sure I know, but it depends if you are developing Windows applications or Internet Applications. For Internet apps, nor ActiveX nor Mozilla plug-ins nor COM are standard. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> If I understand things correctly, this patch will affect all > types of flash.  Cfchart, cfform format="flash", flex, etc.   > And I think they could eventually go after all plugins if > someone doesn't stop them. It will affect all dynamic content that is launched via ActiveX controls. On IE, that's pretty much "all plugins". Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

> It will affect all dynamic content that is launched via > ActiveX controls. On > IE, that's pretty much "all plugins". That's true, I think I confused things again.  It's been a long time since I've read any articles on this subject, but what I remember is that the attorneys that work for Eolas said that they will eventually go after all companies that are using their 'patented technology'.  That means Opera, Mozilla, Apple, etc.  And it could spread like a virus to include all companies that include such infringing technology, even if they didn't create it.  This was a year or two ago, so I don't know if they are still singing the same tune. -------------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

Munson, Jacob wrote: > > That's true, I think I confused things again.  It's been a long time > since I've read any articles on this subject, but what I remember is > that the attorneys that work for Eolas said that they will eventually go > after all companies that are using their 'patented technology'.  That > means Opera, Mozilla, Apple, etc. Not Mozilla: http://www.eweek.com/article2/0,1895,1496493,00.asp Jochem

> Sure I know, but it depends if you are developing Windows > applications or Internet Applications. For Internet apps, > nor ActiveX nor Mozilla plug-ins nor COM are standard. No, but if you are using Flash or Java - two relatively common things used to build Internet applications - they will rely on the underlying functionality within the browser for running external applications. So, I'm not really sure what your point is. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

> For Internet apps, nor ActiveX nor Mozilla plug-ins nor COM > are standard. I guess it depends on what you mean by standard.  In Internet Explorer, ActiveX is a standard.  In Firefox, XUL is a standard (although, XUL is now being considered as a W3C standard).  In the Internet community ActiveX has not been accepted as a formalized standard, but Microsoft still uses it as a standard. -------------- [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

>>I guess it depends on what you mean by standard. In Internet technology, I mean an Internet standard, (call it W3C), not a Microsoft nor Mozilla nor Macromedia nor Adobe or whatever standard. -- _______________________________________ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: piegeacon@internetique.com) Thanks.

> That's true, I think I confused things again.  It's been a I suspect that they would exempt Mozilla for purely practical reasons - there's no money to be had from them. I recall reading a statement that said as much, but I can't attest to the accuracy of my memory. Opera and Apple would certainly be fair game for them. It is worth pointing out that the Eolas outcome probably works to Microsoft's benefit more than anyone else's, actually. Most people are not using generic ActiveX components for their web applications - they're using Flash, Java, etc. Except for that big check they had to write - we know how much Bill hates to write checks! "GATES Well everyone always does. Buy 'em out, boys! Bill Gates companions begin to trash the "office". HOMER Hey, what the hell's going on! GATES Oh, I didn't get rich by writing a lot of checks!" http://www.simpsoncrazy.com/information/scripts/5f11.shtml Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

> It is worth pointing out that the Eolas outcome probably works to > Microsoft's benefit more than anyone else's, actually. Most > people are not > using generic ActiveX components for their web applications - > they're using > Flash, Java, etc. I guess I'm confused again.  I thought that IE uses ActiveX to dynamically launch and display plugin based content.  So in our case, if we dump a flash form on our page, IE uses ActiveX to load up the Flash player. lol! [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

> In Internet technology, I mean an Internet standard, (call it > W3C), not > a Microsoft nor Mozilla nor Macromedia > nor Adobe or whatever standard. Yeah, those are industry standards, and I love and support them.  The problem is that the standards are useless unless the technology supports them.  IE has 80% market share in the US (larger elsewhere), so IE by default /is/ the standard. -------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

> As for the Active-X thing (can't be bothered making two > posts) - it's also currently at the heart of xmlHttpRequest. That's a good point, I wonder if this patch affects that.  Good thing most of my site visitors use Firefox.  :) ---------- [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

> I guess I'm confused again.  I thought that IE uses ActiveX > to dynamically launch and display plugin based content.  So > in our case, if we dump a flash form on our page, IE uses > ActiveX to load up the Flash player. Yes, that's correct. But that's a little different from if, say, I wrote an ActiveX control of my own to do some specific task and put a reference to that in a web page. This is pretty rare, nowadays - it's too much work for too little return. Had this kind of use of ActiveX become more common, it would be much more detrimental to Microsoft to have that stop working. On the other hand, I doubt they're too broken up about Flash apps not working smoothly. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

> Yes, that's correct. But that's a little different from if, Right.  I just ran into such an ActiveX control last night, with my new laptop.  HP's update site installs a custom control to scan your machine.  It even checked the fragmentation level of my hard drive!  Not sure I'll ever run that again, but I was curious. ------------- [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.  Thank you.   A2

> It's not like MS haven't published the workaround *years ago*. > Macromedia also updated their recommend 'how to embed Flash' code too. That's nice, but what about CF's flash forms and cfchart? --------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

As I mentioned, I've nearly got a custom tag fix completed. !k > It's not like MS haven't published the workaround *years ago*. > Macromedia also updated their recommend 'how to embed Flash' code too. That's nice, but what about CF's flash forms and cfchart? --------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

BTW... does anyone want Flash detection built in? !k As I mentioned, I've nearly got a custom tag fix completed. !k > It's not like MS haven't published the workaround *years ago*. > Macromedia also updated their recommend 'how to embed Flash' code too. That's nice, but what about CF's flash forms and cfchart? --------------- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1.

Yes, flash detection would be great.  Would your tag work for reg. flash movies called by a cfm? What w