Conquering the Mark of the Web (DITA OT version)
Whew! Now I know how St. George felt after slaying the dragon. I’ve defeated the Mark of the Web beast and have lived to tell about it. Gather ’round my friends and listen to my tale…
When you click in the bar at the top of the page, you get a dialog box that asks (again!) for your permission. Of course, in implementing this, Microsoft broke almost all HTML-based Help systems that run directly from local storage. To overcome this annoyance, Microsoft then implemented the Mark of the Web or MOTW, a short string that lives in the <head> portion of an HTML file. When MOTW is present in an HTML file, IE doesn’t ask for permissions when running it from local storage.
The form of MOTW that I used is:
<!-- saved from url=(0014)about:internet -->
The string can indicate a domain (such as https://scriptorium.com) so that IE can determine which security zone to use. But if you don’t know the domain that will be used, you can use one of two generic URLs (as in my example). For details about the form of MOTW, start with the page on the MSDN site.
The MSDN site says “The line must end in CR LF. Some HTML editors only insert a LF.” So helpful. As it turns out, it’s not just the line containing MOTW, the WHOLE FILE must use CR LFs for its line end characters (thanks to Felix Turner’s comment on the MSDN site). Testing this was made much easier with the free PSPad editor, which allows me to update files with different line end characters with a simple command.
One more thing, you may need to add MOTW to many HTML files. If you’re working with an HTML frameset, the file containing the frameset and all other HTML files that will be used in the frameset must contain MOTW.
Once I had inserted MOTW from my XSL stylesheets and figured out the CRLF mystery, I found I could use Ant’s FixCRLF task to replace all line-end characters automatically. I just dropped this into the clean-up target in my Ant project file:
And it all works! Yay.
All that work for one beastly browser.