I have just installed XOOPS 2.0.6 for a little site (only needed to let some people dl some pictures from a party).

I added the xcGallery module and that is the only module I have activated.

Now, when I go to my site I am warned (by my firewall) that th webpage I am about to view contains an activeX element.

So my questions are:

- Does XOOPS contain ActiveX elements?

- If so, how do I once and for all erase all traces of ActiveX in XOOPS?

- Is it perhaps xcGallery that contanis ActiveX elements?

- If so, why are these elements activated on the frontpage, where xcGallery isn't activated?

- Or could my firewall (Norton) be seeing ghosts?



Personally I think ActiveX has nothing what-so-ever to do on a serious webpage - or any webpage, for that matter.

XOOPS has as far as I know no ActiveX elements. PHP and JavaScript, yes - but not ActiveX.

Could it be that it is something for e.g. stat generation or something, which is running "underneath" the web pages?

I know nothing of ActiveX and as such I am just fumbling, but there shouldn't be any elements in XOOPS.

Well, that was my understanding too (no ActiveX).

There might be something beneath (such as statistics gathering); hadn't thought about that possibility.

However, I occassionally meet the odd ActiveX element here on www.xoops.org as well.

Normally I just block it and I see no loss of functionality (not as far as I can tell, anyway).

A shot in the dark, but maybe it is talking about Flash banners, either on your XOOPS main, or in XCGallery.

(In other words, maybe it is detecting Flash and noting that it will be played with an ActiveX player.)

As a test, you could turn of banners in the XOOPS system admin.

If the message goes away, that was it.

Very odd. Have you tried reproducing the errors with a browser other than IE ?

My guess (and it's just a guess) is that the issue is with your browser, not the site.

Sunsnapper wrote:
Quote:

Never been using banners. But saw that it was turned on for my newly installed site (probably as default). Turned it off and it seems to have stopped the annoying "ActiveX" from appearing.

Will see if I encounter any "ActiveX" elements the coming days.

Thanks for the pointer. Would never have thought about it as I never use banners.


Thank you.

It seems as it might have been the Banners doing it. (See previous message).

I haven't checked the site with MSIE.

I never use MSIE as MSIE is approximately 2-3 years behind the actual standard within webdesign. It doesn't even support CCS 1 and CSS2 fully.

Had I used MSIE my guess too would have been that it was a browser issue.

Thanks for the idea, though.

However this is maybe a bit off-topic, but, you might want to know that some firewalls are way going beyond their territory... Active-X can be used really for bad purpose, but hey, if set security settings in IE allright there should be no problem.

And about that you are not browsing IE, I want to know what browser you are actually using? Since IE is the only browser on this moment, correct me if I'm wrong, that supports Active-X. I personally use Firefox and as far as I know it doesn't support active-x...

So I think your firewall is a bit over reacting, since you are not using a browser that can execute active-x components, what to be afraid of? You might want to contact the author of that firewall/program.

I use FireFox (and less often Opera - and occassionally a few other odd browsers) - and Firefox does support ActiveX (on some pages, if I block ActiveX I loose fuctionality when using FireFox).

Now, as far as I know, ActiveX is an OS-functionality, that the html-code calls. Much like AREXX on the AmigaOS Classic. It is not a browser-thing.


Anyway, ActiveX still should be forbidden any access to any webpage, as it is a windows only functionality and won't work on any other OS. Which is not a very good idea.


ActiveX furthermore gives a homepage the ability to execute programs on your computer and that is about as big a security hole as you can get. (Deleting the regdb, files etc. comes to mind.)

So no matter how you look at it ActiveX is definetely a no-no.



[/RAVE ON]

Besides, you wrote:
Quote:

This is simply not true. No matter how you set the security settings in MSIE you are running a program that is the largest single security hole in windows - number 2 being Outlook - with or without the Express extension.

In generel people should be discouraged to use MSIE and webdesigners should NOT go out of their way to make webpages MSIE complient. That only makes people believe, that MSIE is a usefull choice as a browser, when in fact it is not.
But alas, it is not a perefct world...

[/RAVE OFF]

A note on <embed>

Searched the web and found the following tidbit:
Quote:
fromhttp://www.alistapart.com/articles/flashsatay/ from 9 November 2002 – things might have changed.

Noticing that the banner-sections in XOOPS use <embed> for flash it might be a good idea to reconsider the use of <embed> and possibly take a look at <object> in stead.

But here I am a bit out of my league.