Hi, Eric. Thanks for replying. (Thanks to PA Bear, too.)
Yep, I was afraid that was a change to close off a security hole.
Here's what I'm trying to do. I'm writing some software in VB6 which
outputs HTML files. Embedded within the HTML will be lines like this:
<a href="javascript:MyFunc(1,'/somepage.htm')"><img src="filter.gif"></a>
/somepage.htm
or like this:
<a href="javascript:MyFunc(2,'Google')"><img src="filter.gif"></a> Google
The idea is that if the user wants to perform a "filter" operation on one of
these lines, they can drag and drop the filter icon (which is surrounded by
the <a> javascript tag) onto my VB UI. My VB program will look at the
dropped text, and if it starts with "javascript:MyFunc(" then it knows how
to decode the rest of the line and implement the specified filter. This is
a great way for me to integrate filtering capabilities between the HTML and
my VB UI in a browser-neutral manner and without requiring an ActiveX
control.
Note that the other benefit to this system is that if the user doesn't know
what those filter icons in the HTML do, they can just click on them, and
MyFunc will run:
function MyFunc()
{
alert("To filter on this value, just drag the filter icon to the VB
program.");
}
It's a nice, elegant solution. But now it's broken in SP2 (I understand
why).
Can you think of a workaround? Is there something I can do to restore the
ability to drag and drop a javascript <a> tag? I've already embedded a Mark
of the Web into the HTML, but that doesn't seem to help.
The obvious solution is to turn the trailing text (eg, "/somepage.htm") into
a link and have the user drag it instead of the filter image. But in
reality, the trailing text is already surrounded by another <a> tag (not
shown in the examples above), used for another purpose. So I can't do that.
The one solution I've considered is to change the <a> tag to something like
this:
<a href="
http://www.maximized.com/MyFunc.htm?Id=1&Value=/somepage.htm"
target="_blank"><img src="filter.gif"></a>
(I've only changed the <a> tag here, not the <img> or </a>.)
Then I could have a page on my site (@
www.maximized.com) which would
display the same help text as originally displayed by the javascript alert.
This solution is inferior to the original solution, IMHO, but at least it
would still work.
So, do you know of any workaround to restore the original behavior? Or,
does another (better, hopefully!) solution occur to you (or anyone else!)?
Much thanks,
Ken
