Custom values that are saved to the navigator object are not persisted after you refresh the Web page in Windows XP Service Pack 2 (884698)



The information in this article applies to:

  • Microsoft Windows XP Professional Service Pack 2 (SP2)
  • Microsoft Windows XP Home Edition Service Pack 2 (SP2)

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

SUMMARY

Microsoft Windows XP Service Pack 2 (SP2) uses a new security context on all scriptable objects. In this new security context, access to all cached objects is blocked. This behavior occurs regardless of whether you are navigating across Fully Qualified Domain Names (FQDNs) or within the same FQDN. After you change the context by viewing a different page or by refreshing the current page, the reference to an object is no longer accessible.

SYMPTOMS

Custom values that are saved to the navigator object are not persisted after you refresh a Web page. Additionally, these custom values are not persisted if you leave the Web page and then return to it.

CAUSE

If an object provides access to the contents of a Web page from another domain, and this object can be cached, a cross-domain security vulnerability exists. To help protect against this vulnerability in Windows XP SP2, the new security context on all scriptable objects blocks access to all cached objects.

RESOLUTION

To change this behavior, use one of the following methods:
  • Use cookies.
    For more information about how to use cookies, visit the following Microsoft Developer Network (MSDN) Web sites:
  • Change the userData behavior.
    Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

    For more information about the userData behavior, visit the following Microsoft Developer Network (MSDN) Web sites:

    Important If you use these behaviors incorrectly, you can compromise the security of your application. The saveFavorite behavior, the saveSnapshot behavior, and the userData behavior persist data as plain text in a saved Web page. This text is not encrypted. Therefore, any application that has access to the drive where the page is saved also has access to the data and can tamper with it. We recommend that you do not persist sensitive data like credit card numbers.
  • Change the registry setting.
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

    Use one of the following registry settings to revert the object caching to pre-SP2 behavior. If you use this method, you must do this on every client computer.

    Important We do not recommend that you do this.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
    Value: IExplore.exe
    Setting: 0 (Off), 1 (On)

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
    Value: IExplore.exe
    Setting: 0 (Off), 1 (On)

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Save the following code in an .html file, and then open the file in Microsoft Internet Explorer.
    <html>
    <head>
    
    <script language="javascript">
    
    // On first load the custom property is absent, so set it.
    if (navigator.CustomTag == null)
    {
    	document.write("No value present" + "<BR>");
    	navigator.CustomTag = 200;
    	document.write("Value has been set to: " + navigator.CustomTag + "<BR>");
    }
    else
    {
    	// After F5 this branch runs only if the value survived the refresh.
    	document.write("Value present" + "<BR>");
    	document.write("Value is: " + navigator.CustomTag);
    }
    
    </script>
    
    </head>
    <body>
    </body>
    </html>
    
  2. Press F5.
On a computer that is running Microsoft Windows XP with SP2, the value is not set. On a computer that is running Windows XP without SP2, the value is persisted.
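
The repro above rewritten with the first RESOLUTION method (cookies), as an added example that is not part of the original article. The helper names, the 30-day lifetime and the digits-only check are assumptions; `doc` stands in for `document` so the functions can also be exercised outside a browser.

```javascript
// Added example (not from the KB article): keep the repro's CustomTag value in
// a cookie instead of an expando on navigator. `doc` is any object with a
// document.cookie-style `cookie` property; pass `document` in a page.
var COOKIE_NAME = "CustomTag"; // name reused from the repro
var LIFETIME_DAYS = 30;        // assumed lifetime

// decodeURIComponent throws on malformed escapes; treat those as "no value".
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch (e) { return null; }
}

// Return the decoded value of cookie `name`, or null if absent or malformed.
function readCookie(doc, name) {
  var pairs = doc.cookie ? doc.cookie.split(";") : [];
  for (var i = 0; i < pairs.length; i++) {
    var pair = pairs[i].replace(/^\s+/, "");
    var eq = pair.indexOf("=");
    if (eq > 0 && safeDecode(pair.substring(0, eq)) === name) {
      return safeDecode(pair.substring(eq + 1));
    }
  }
  return null;
}

// Cookies are plain text and travel with every request to the site, so
// nothing sensitive belongs here.
function writeCookie(doc, name, value, days) {
  var expires = new Date(new Date().getTime() + days * 24 * 60 * 60 * 1000);
  doc.cookie = encodeURIComponent(name) + "=" + encodeURIComponent(String(value)) +
    "; expires=" + expires.toUTCString() + "; path=/";
}

// Same flow as the repro: report the stored value, or set 200 when none exists.
// The cookie is user-controllable, so anything that is not 1-9 digits is
// discarded and reset rather than written into the page.
function loadOrInitCustomTag(doc) {
  var stored = readCookie(doc, COOKIE_NAME);
  if (stored === null || !/^\d{1,9}$/.test(stored)) {
    writeCookie(doc, COOKIE_NAME, 200, LIFETIME_DAYS);
    return { present: false, value: 200 };
  }
  return { present: true, value: Number(stored) };
}
```

In a page, call `loadOrInitCustomTag(document)` and render the returned number as text; unlike the navigator expando, the value survives F5 with the SP2 object-caching protection left on.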

REFERENCES

For more information about functionality changes in Windows XP SP2, visit the following Microsoft Web site:

For more information about persisting sessions, visit the following MSDN Web site:

Modification Type: Major
Last Reviewed: 8/21/2006
Keywords:kbprb KB884698 kbAudDeveloper