As a software developer, I frequently need to view XML files. If I double-click an XML file, it loads in Internet Explorer, but it gives a warning about how it blocked potentially insecure content, etc. There is a nice expanding tree structure which you can view, but you have to click the “Yes, I’m willing to risk security holes” button.
But why? What possible security hole could there be from simply viewing an XML file? XML is not an executable. (Sure, people can try to embed executable commands in XML, but it’s a trivial thing for your browser to simply display the XML as text without running anything.) Why can’t Internet Explorer simply display the file without a security warning? What security attack is it trying to protect me against?
As a point of reference – Firefox is able to display XML without a security warning just fine. Is IE simply warning me for no reason? Or is there really some subtle attack here?
With IE7, it’s a feature. In IE8, it appears to be a bug. Considering Microsoft has a history of refusing to play by the rules, except for those rules it creates for itself, it may be par for the course.
Yeah, that’s my question – what’s the point of that feature in IE7? Somebody did a lot of work to notify users that reading an XML file was a potential security hole. But how is that a hole? I can’t imagine any possible way that simply viewing an XML file could possibly compromise your security.
FYI … You can turn that behavior off by going to Control Panel >> Internet Options >> Advanced tab >> check “Allow active content to run in files on My Computer” & [OK].