Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2359 Views 2 Replies Latest reply: Dec 31, 2012 2:59 AM by karthago RSS
karthago Newcomer 11 posts since
Dec 28, 2012
Currently Being Moderated

Dec 28, 2012 7:30 AM

Blocking Java applet / <params> tag

Hi,

 

i'm trying to block java applets in IE, which seems quite easy using the HTML.Element.Name / HTML.Element.Attribute properties.

But how can i prevent this code from being executed (as demonstrated on http://www.w3.org/People/mimasa/test/object/java/):

 

<p><object id="game3" classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"

standby="The Java applet is loading..." height="500" width="800" name="game3"

codebase="http://java.sun.com/products/plugin/autodl/jinstall-1_4_0-win.cab">

<param name="code" value="Othello.class">

<param name="archive" value="Othello.jar">

<param name="codebase" value="applets/">

<param name="type" value="application/x-java-applet;version=1.4">

Othello

</object></p>

 

Maybe blocking the "classid" attribute could do the job, but i would prefer accessing the values in the <param>-tag. Is this possible?

 

Product Version is McAfee Web Gateway 7.1.6.

 

Thanks for you help!!

  • eelsasser McAfee SME 841 posts since
    Mar 24, 2010
    Currently Being Moderated
    1. Dec 28, 2012 8:59 AM (in response to karthago)
    Re: Blocking Java applet / <params> tag

    Using the HTML opener and stripping out the tags is one method of doing this, but an easier medod is to block the downloading of the java applet in the first place when the .class or .jar file is being downloaded initially.

     

    You can block Download Media Types of application/java-vm.

     

    Capture3.png

     

    This can prevent the downloading of the applets without having to manipulate the HTML

    Capture1.png

    Capture2.png

     

    The only challenge with this is if the applet has been previously cached on the PC, it doesn't download again and uses the cached version instead.

    So lcear your browser and java cache before testing to make sure it works.

     

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points