Overview

If you set the Default Layouts.Head Script to Mark of the Web, Second Site will add a special comment to output pages to try and avoid an obnoxious security feature of the Microsoft Internet Explorer (IE) and Edge browsers. The special comment is called the "Mark of the Web", and its presence instructs Microsoft browsers to treat the web page as if it was loaded from a remote web site rather than from the local hard drive. This, in turn, avoids a security warning that appears when the Mark of the Web comment is not present. The security warning appears near the top or bottom of the IE window when opening HTML files that are stored on the computer's hard drive or removable media. The message location and appearance varies by browser version.

For information about Head Scripts, see Page Scripts.

Limitations

Unfortunately, adding the Mark of the Web comment avoids one problem and introduces another!

If you are browsing pages with Internet Explorer or MS Edge, and the pages are on your hard-disk or removable media, the Mark of the Web comment prevents opening links to external documents included in the site, such as PDFs.

This makes it difficult for Second Site users to test web sites they are creating. During testing, the web pages are viewed locally, and thus they are subject to the limitation above. My recommendation is to use Firefox or another standards-compliant browser for most testing, and only use a Microsoft browser when you are specifically interested in how your site looks in that browser.

There is no such easy solution for users who are distributing web sites on removable media that include PDF documents, MS Word documents, or the like. Relatives or friends who are using a Microsoft browser will not be able to access those documents through links if the Mark of the Web comment is present. If the Mark of the Web comment is not present, they will see the security warning, even though there is no security risk.

So, if you are distributing your site on removable media, this is what I recommend:

  • If your site contains HTML pages and photographs or scanned documents only, set Default Layouts.Head Script to Mark of the Web. This will avoid the security warning and given there are no linked documents, there is no downside.
  • If your site contains linked PDF documents, MS Word documents, etc., set Default Layouts.Head Script to Standard. People who browse your site with a Microsoft browser will see a security warning, but they will have access to the documents. You may want to inform them of the security issue in a note that accompanies the site.

Microsoft believes that the insane Mark of the Web comment is a solution or feature, but in fact, it's just evidence that the security features in Microsoft browsers are broken. Other browsers stop malicious content using tactics that do not prevent access to legitimate content. The best way to protest is to stop using Microsoft browsers, and encourage your friends to stop, too. It's a small step, but Microsoft won't listen to any other input.

Triggering the Security Message

When the Mark of the Web comment is not present, three common activities can trigger a warning message in a Microsoft browser:

  • In Second Site, clicking the "Browse Site" button to view the copy of the site that is created on the user's PC
  • In Second Site, opening a help page by pressing the [F1] function key or by selecting a command in the Help Menu
  • When opening a web page from removable media whose content was created by Second Site

Second Site uses a Mark of the Web comment in this form:

<!-- saved from url=(0016)http://localhost -->

Prior to Second Site 6.1, the text was:

<!-- saved from url=(0014)about:internet -->

As of Second Site 6.1, the text is specified in the 2ndsite.ini file.

More Information

You can read more about the Mark of the Web via this url: http://msdn2.microsoft.com/en-us/library/ms537628.aspx. Microsoft changes their URLs more often than Imelda Marcos changes shoes, so the link may not work. If so, you can use a Google search to try and find it.

On This Page