Testing Web pages with ActiveX content, such as Flash movies, locally in Internet Explorer can bring up the Information Bar, over and over, which is extremely annoying and makes testing even more of a chore for Web developers. Load page, click Information Bar, view content, load page, click Information Bar, view content, etc. Use the "Mark of the Web" trick to end this tedious cycle.

What is the Mark of the Web?

The Mark of the Web (MOTW) is a feature of Microsoft Internet Explorer that allows you to turn off, so to speak, the Information Bar by adding a simple comment directive in your HTML code. For example:

 
<!-- saved from url=(0014)about:internet -->

What is the Purpose of the Mark of the Web?

The Mark of the Web feature was added to Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2). The increased security restrictions when running ActiveX content in HTML pages locally cause Internet Explorer to prompt the user to allow the Active Content to run. Make sense? This behavior occurs only when the pages run locally, because at that point the page is running on someone's local computer rather than on a Web server. When run on the local computer, ActiveX could potentially have access to the user's local file system. If a hacker tricked a user into downloading a crafty and evil Web page, then Internet Explorer attempts to prevent the user from running malicious code by popping up the Information Bar asking for permission to run the content.

So, Why Do You Care?

Of course, ActiveX content such as Flash SWFs also trigger the Information Bar, which is why this behavior is such a hassle when testing Web pages locally that happen to contain a Flash movie.

Adding the Mark of the Web instructs Internet Explorer to run in the Internet Zone rather than the Local Machine Zone. The difference to you? No more Information Bar popups. Of course, this only works when viewing the page locally, which is the whole purpose. You cannot use this feature to prevent users from getting the Information Bar, when appropriate, while viewing pages on your Web site. Confused? A lot of people are. Don't worry. What should you do? Just add the comment if you get annoying Information Bar popups while testing Web pages.

Here's another example that shows the Mark of the Web comment in an HTML page snippet.

 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
<!-- saved from url=(0014)about:internet -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="Language" scheme="rfc3066" content="fr" />

A More In-Depth Look, What Does (0014) Mean, for example?

The Mark of the Web has two pieces of information you need to specify:

• The URL you want to associate this page with
• The length of the URL in terms of text characters

The URL used in the Mark of the Web

The URL really isn't that important. You can use any old URL. It doesn't even need to be a real URL. The URL you use could be "http://www.myfakeurl.com", for example:

 
<!-- saved from url=(0024)http://www.myfakeurl.com -->

If you do choose to use a real URL Internet Explorer checks to see if it's listed in one of your security zones, such as Local, Trusted, etc., and then runs the page using those permissions.

The Numbers in Parentheses in the Mark of the Web

The numbers are the string length, or number of characters, of the URL. Since the URL http://www.myfakeurl.com is 24 characters long, you would specify (0024). If you chose to use the URL http://foobar.org then you would specify (0017), for example:

 
<!-- saved from url=(0017)http://foobar.org -->

The string length you indicate can be less than the actual string length and Internet Explorer will use the number of characters you specify to map the URL to a security zone. So if you used <!-- saved from url=(0010)http://foobar.org --> then Internet Explorer would use just the first ten characters or "http://foo" to map the URL to a security zone, if it actually found the URL "http://foo" listed under Internet Options»Security. If, however, the string length you indicate is longer than the URL you specify, then Internet Explorer ignores the comment (Mark of the Web) and loads the page in the Local Machine zone. Make sense? If not, don't sweat it. Just use a comment that works and don't worry about all these details.

Conclusion

Well, I hope you know understand what the Mark of the Web is and how it benefits you when testing HTML pages in Internet Explorer locally ... that happen to include ActiveX content such as a Flash SWF.

The short answer to "How does this benefit me?7quot; is that the Information Bar doesn't keep popping up and annoying you while testing.