i'm trying to block java applets in IE, which seems quite easy using the HTML.Element.Name / HTML.Element.Attribute properties.
But how can i prevent this code from being executed (as demonstrated on http://www.w3.org/People/mimasa/test/object/java/):
<p><object id="game3" classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
standby="The Java applet is loading..." height="500" width="800" name="game3"
<param name="code" value="Othello.class">
<param name="archive" value="Othello.jar">
<param name="codebase" value="applets/">
<param name="type" value="application/x-java-applet;version=1.4">
Maybe blocking the "classid" attribute could do the job, but i would prefer accessing the values in the <param>-tag. Is this possible?
Product Version is McAfee Web Gateway 7.1.6.
Thanks for you help!!
Using the HTML opener and stripping out the tags is one method of doing this, but an easier medod is to block the downloading of the java applet in the first place when the .class or .jar file is being downloaded initially.
You can block Download Media Types of application/java-vm.
This can prevent the downloading of the applets without having to manipulate the HTML
The only challenge with this is if the applet has been previously cached on the PC, it doesn't download again and uses the cached version instead.
So lcear your browser and java cache before testing to make sure it works.
Thanks, this works for me. I will keep both the Media Type filtering and HTML filtering rule sets, because i want to display some user information in case an applet gets blocked - Media Type Filtering just blocks the java executable and the java vm stops loading / throws a java exception.