ActiveX miseries

Reading Time: 2 minutes

It’s just come to my attention (on account of installing the latest security patches for Windows from Microsoft) that a small but profound change has been made to the way Internet Explorer handles ActiveX plugins (such as Flash, PDF, Quicktime and Java).

Owing to a patent dispute with a no-name company called Eolas, who licensed a patent for embedded applications from the University of California in 1994, Microsoft has changed IE so that, by default, users are asked to click on any ActiveX control to activate it before they can interact with it (see Volkswagen’s Phaeton site for an example of this in action – at least until they change it). The issue was brought to my attention by my wife, who runs an online boutique that has a Flash element on its home page.

There’s much comment on the web about the Redmond Goliath being brought low by a small, doughty (not to mention litigious) David, plus a lot of grumbling about Microsoft bundling the patch with its April round of Windows security updates, but relatively little about how to get around the issue.

It turns out that doing this is pretty easy – rather than referencing the plug-in directly in the HTML, as in the example below:

<EMBED src="hp_anim.swf" menu="false" quality=high bgcolor=#FFFFFF  WIDTH="532" HEIGHT="355" NAME="hp_anim" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer">
</EMBED>

you just have to move the HTML into a separate file and write it out using JavaScript document.write commands:

<script language="JavaScript" type="text/javascript" src="flash.js"></script>

and, in flash.js:

document.write(‘<EMBED src="hp_anim.swf" menu="false" quality=high bgcolor=#FFFFFF  WIDTH="532" HEIGHT="355" NAME="hp_anim" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer">’);
document.write(‘</EMBED>’);

Pretty simple, really, and for me, that’s what rankles. If something is so easy to get round, why is it necessary to make everybody implement the workaround? Why not just agree licencing for the patent and let everybody get on with their work?

If you want to read more about the techniques to get round this latest piece of litigious nonsense, there’s a good article on the Microsoft website about it.