‘Security through obscurity’ or simply ‘Security incompetence’?

If you use a WebControl in a Windows Presentation Framework application that access to local JS files, it show this warning:

If i add
at the top of index.html,
IE 11 think is loaded from about:internet and will not display the Security warning. Currently i don’t know if is also a security issue.

Tested with Windows 10 – IE 11.

One thought on “‘Security through obscurity’ or simply ‘Security incompetence’?”

  1. I thought this was bad too back when I saw it. It’s been around for a while though. I encountered it when helping a Tech Writer figure out how to bypass that warning in his help text/documentation for a software product that was using an old version of RoboHelp (if I recall correctly…).

    If you look here you will see Microsoft even mentions the bypassing:

    A quick look says it’s been around since at least 2011, probably earlier… Didn’t look in to it too much.

    Keep up the good exploring. 😉

Comments are closed.