
HOWTO: Lockdown Internet Explorer using a Trusted Zone helper

This article includes a fully working JavaScript plugin, with a user interface, that plugs in to Internet Explorer. The plugin allows you to effortlessly manage which websites are part of your "Trusted Zone". The Trusted Zone is a little-used (and generally little-known) but powerful security feature of
<script language="javascript" FOR=window EVENT=onhelp>
	// Runs when the window's onhelp event fires (see the FOR/EVENT attributes on the
	// enclosing <script> tag) and shows the plugin's "about" text.
	alert(
		[
			"Internet Explorer 6.0 Trusted Zone Helper Plugin",
			"",
			"Author: Nathan Evans",
			"Date/Version: 19-01-2005",
			"",
			"Thank you for using this software."
		].join("\n")
	);
</script>

<script language="javascript">

	/* Internet Explorer 6.0 Trusted Zone Helper Plugin
	 * 
	 * Purpose: Provides the user with an easy-to-reach interface to add and remove domains to and from the Trusted Zone.
	 * Usage: Install plugin as a "MenuExt" Internet Explorer extension. Right-click on web page and choose menu item "Change domain trust...".
	 * Tested On: IE 6.0 SP2 (should work fine on IE5.5+ though)
	 * Author: Nathan Evans
	 * Initial Release: 14-01-2005
	 * Date/Version: 19-01-2005
	 * Changes: Fixed icon sizing bug - ex: 16x16 icons now display properly, instead of being rescaled to 32x32.
	 *          Fixed option button selection not firing when clicking the option's text.
	 */
	 
	// Size of the modal dialog this script runs in.
	window.dialogHeight = "235px";
	window.dialogWidth = "458px";

	// WScript.Shell gives this dialog read/write access to the registry. The only
	// branch touched is the current user's ZoneMap\Domains tree below.
	var wsh = new ActiveXObject("WScript.Shell");
	var sRegLocation = "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\";

	// URL of the page that was right-clicked. This is input from the web page, not
	// from the user: everything derived from it (host name, registry paths, text
	// written into the dialog) should be treated as untrusted.
	var sCurrentURL = new String(external.menuArguments.document.URL);
	var bShiftKey = external.menuArguments.event.shiftKey;

	// Result record filled in by parseDomain().
	var myDomain = {
		domain: "",
		subdomain: "",
		hostname: "",
		reg_domain: "", // IE doesn't recognise some rare SLD's (such as org.uk, com.au) so some trickery is required
		reg_subdomain: "", // ^^
		reg_subdomainEx: "", // used for unknown SLDs that require a wildcard, ex: "*.adslguide.org.uk"
		reg_mode: 0 // 0 = domain is not trusted at all, 1 = only specific subdomains are trusted, 2 = this specific subdomain is trusted, 3 = whole domain is trusted
	};

	if ( parseDomain(sCurrentURL, myDomain) ) {
		// The URL parsed: look up what is already stored for this domain so the
		// dialog can preselect the matching options.

		// bRegChk1: the domain key itself is present (never checked for "unknown" SLDs).
		var bRegChk1 = (sldCheck(myDomain.reg_domain, "unknown") == true)
			? false
			: RegExist(sRegLocation + myDomain.reg_domain + "\\", false);

		// bRegChk2: a "*", "http", "https" or "ftp" value exists for this sub-domain.
		var bRegChk2 =
			RegExist(sRegLocation + myDomain.reg_domain + "\\" + myDomain.reg_subdomain + ((myDomain.reg_subdomain.length > 0) ? "\\*" : "*"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\" + myDomain.reg_subdomain + ((myDomain.reg_subdomain.length > 0) ? "\\http" : "http"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\" + myDomain.reg_subdomain + ((myDomain.reg_subdomain.length > 0) ? "\\https" : "https"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\" + myDomain.reg_subdomain + ((myDomain.reg_subdomain.length > 0) ? "\\ftp" : "ftp"), true);

		// bRegChk3: one of those values exists directly on the domain key.
		var bRegChk3 =
			RegExist(sRegLocation + myDomain.reg_domain + "\\*", true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\http", true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\https", true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\ftp", true);

		// bRegChk4: one of those values exists under the "*." wildcard key used for unknown SLDs.
		var bRegChk4 =
			RegExist(sRegLocation + myDomain.reg_domain + "\\*." + myDomain.reg_subdomainEx + ((myDomain.reg_subdomainEx.length > 0) ? "\\*" : "*"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\*." + myDomain.reg_subdomainEx + ((myDomain.reg_subdomainEx.length > 0) ? "\\http" : "http"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\*." + myDomain.reg_subdomainEx + ((myDomain.reg_subdomainEx.length > 0) ? "\\https" : "https"), true) ||
			RegExist(sRegLocation + myDomain.reg_domain + "\\*." + myDomain.reg_subdomainEx + ((myDomain.reg_subdomainEx.length > 0) ? "\\ftp" : "ftp"), true);

		// Fold the four findings into reg_mode (it starts at 0 = not trusted).
		if (!bRegChk3) {
			if (bRegChk2) {
				myDomain.reg_mode = 2;
			} else if (bRegChk1) {
				myDomain.reg_mode = 1;
			}
			// a wildcard entry for an unknown SLD counts as "whole domain trusted"
			if (!bRegChk1 && bRegChk4) {
				myDomain.reg_mode = 3;
			}
		} else if (bRegChk1) {
			myDomain.reg_mode = 3;
		}
	} else {
		// The URL could not be parsed into a host name: tell the user and close.
		alert("This domain cannot added to the Trusted Zone.");
		window.close();
	}
	
	/**
	 * 'Cancel' button handler: closes the dialog. Nothing is written to or
	 * removed from the registry on this path.
	 */
	function buttonCancel() {
		window.close();
	}
	
	/**
	 * 'Apply' button handler: stores the trust choice made in the dialog.
	 *
	 * Reads the option1 ("always trust the whole domain") and option3 ("always
	 * trust this host") radio buttons, adds or removes the matching entries under
	 * sRegLocation, reloads the page that was right-clicked and closes the dialog.
	 *
	 * The results of RegWrite()/RegDelete() are not inspected, so a failed write
	 * or delete is not reported to the user.
	 */
	function buttonApply() {
		// Deletes the "*", "http", "https" and "ftp" values and then the key
		// itself (to keep the Registry tidy), in that order, for one key path.
		function clearEntries(sKeyPath) {
			var aNames = ["*", "http", "https", "ftp", ""];
			for (var n = 0; n < aNames.length; n++) {
				RegDelete(sKeyPath + "\\" + aNames[n]);
			}
		}

		var bTrustDomain = document.getElementById("option1").checked;
		var bTrustHost = document.getElementById("option3").checked;

		var sDomainKey = sRegLocation + myDomain.reg_domain;
		var sHostKey = sDomainKey + "\\" + myDomain.reg_subdomain;
		var bUnknownSld = sldCheck(myDomain.reg_domain, "unknown");

		if (bTrustDomain == true) {
			// entire domain to be trusted, ex: *.adslguide.org.uk (unknown SLD)
			// or *.overclockers.co.uk (known SLD)
			if (bUnknownSld) {
				RegWrite(sDomainKey + "\\*." + myDomain.reg_subdomainEx + "\\*");
			} else {
				RegWrite(sDomainKey + "\\*");
			}
		} else {
			// whole-domain trust is being withdrawn: remove its entries first
			if (bUnknownSld) {
				clearEntries(sDomainKey + "\\*." + myDomain.reg_subdomainEx);
				clearEntries(sDomainKey + "\\" + myDomain.reg_subdomainEx);
			} else {
				clearEntries(sDomainKey);
			}

			if (bTrustHost == true) {
				// only this host to be trusted, ex: bbs.adslguide.org.uk
				RegWrite(sHostKey + "\\*");
			} else {
				clearEntries(sHostKey);
			}
		}

		external.menuArguments.document.URL = external.menuArguments.document.URL; // refresh page
		window.close(); // close dialog
	}
	
	/**
	 * Keeps the per-host radios (option3/option4) in step with the domain choice:
	 * they are enabled only while option2 ("never trust the whole domain") is
	 * checked, and disabled otherwise.
	 */
	function updateRadios() {
		var bLocked = !(document.getElementById("option2").checked == true);
		document.getElementById("option3").disabled = bLocked;
		document.getElementById("option4").disabled = bLocked;
	}
	
	/**
	 * Creates (or overwrites) one ZoneMap entry: writes the REG_DWORD value 2,
	 * Internet Explorer's zone number for Trusted sites, at regKey.
	 *
	 * @param regKey full registry path of the value to write
	 * @returns true when the write went through, false when WScript.Shell threw
	 *          (the error itself is discarded, so the caller cannot tell why)
	 */
	function RegWrite(regKey) {
		var bDone = false;
		try {
			wsh.RegWrite(regKey, "2", "REG_DWORD");
			bDone = true;
		} catch (e) {
			// failure is reported through the return value only
		}
		return bDone;
	}
	
	/**
	 * Removes one registry value or key through WScript.Shell.
	 *
	 * @param regKey full registry path; buttonApply() passes a path ending in a
	 *               backslash when it wants the key itself removed
	 * @returns true when the delete went through, false when WScript.Shell threw
	 *          (for example because the entry was not there); the error is discarded
	 */
	function RegDelete(regKey) {
		var bDone = false;
		try {
			wsh.RegDelete(regKey);
			bDone = true;
		} catch (e) {
			// failure is reported through the return value only
		}
		return bDone;
	}
	
	/*
	 * Reports whether a registry key or value can be read through WScript.Shell.
	 *
	 * regKey - full registry path handed to wsh.RegRead().
	 * bValue - the callers in this file pass true when regKey names a value and
	 *          false when it names a key (a path ending in a backslash).
	 *
	 * Returns true when RegRead() succeeds. When RegRead() throws, the answer
	 * depends on bValue and on the text of e.description (see the catch block);
	 * with bValue set to true every failure yields false.
	 *
	 * The result feeds myDomain.reg_mode, which decides the options the dialog
	 * preselects, so a wrong answer here misreports the site's current trust
	 * state to the user.
	 */
	function RegExist(regKey, bValue) {
		// WScript doesn't have a function to check if a Reg Key exists, so I have to improvise:
		try {
			wsh.RegRead(regKey);
			return true;
		}catch(e){
			// NOTE(review): indexOf() returns -1 (truthy) when the text is absent and
			// 0 (falsy) when the description starts with it, so each test below is
			// true when the description does NOT start with the quoted text. The
			// branch comments state the intended meaning only; confirm which message
			// WScript.Shell raises in each case before changing these tests.
			// NOTE(review): matching on e.description presumably depends on the
			// Windows display language - TODO confirm on a non-English system.
			var sTmp = new String(e.description);
			if ( bValue == false && sTmp.indexOf("Invalid root in registry key") )
				return true; // reg key exists but doesn't have a 'default value'
			else if ( bValue == false && sTmp.indexOf("Unable to open registry key") )
				return false; // reg key does not exist at all
			else
				return false;
		}
	}
	
	/**
	 * Tells whether a two-label suffix such as "co.uk" is on one of the two
	 * built-in second-level-domain lists.
	 *
	 * @param sld  suffix to look up, ex: "org.uk"
	 * @param type "known" for the SLDs IE handles itself, "unknown" for the ones
	 *             that need the "*." wildcard workaround; any other value gives false
	 * @returns true when sld is on the requested list, false otherwise
	 */
	function sldCheck(sld, type) {
		var aList;

		if (type == "known") {
			aList = ["co.uk", "ac.uk", "me.uk", "id.au"];
		} else if (type == "unknown") {
			aList = ["org.uk", "net.uk", "sch.uk", "gov.uk", "nhs.uk", "police.uk", "mod.uk", "com.au", "asn.au", "net.au", "org.au", "csiro.au", "gov.au", "edu.au"];
		} else {
			return false;
		}

		var n = aList.length;
		while (n-- > 0) {
			if (aList[n] == sld) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Tests whether num is a single decimal digit.
	 *
	 * Anything longer than one character is rejected. An empty string is
	 * accepted, because indexOf("") finds a match at position 0.
	 *
	 * @param num string to test
	 * @returns true or false
	 */
	function isDigit(num) {
		var sDigits = "1234567890";
		return !(num.length > 1) && sDigits.indexOf(num) != -1;
	}
	
	/**
	 * Tests whether every character of val is a decimal digit (checked one
	 * character at a time with isDigit). An empty string passes, because there
	 * is no character to reject.
	 *
	 * @param val string to test
	 * @returns true when no non-digit character is found, false otherwise
	 */
	function isInteger(val){
		var pos = 0;
		while (pos < val.length) {
			if ( !isDigit(val.charAt(pos)) ) {
				return false;
			}
			pos++;
		}
		return true;
	}
	
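	/**
	 * Splits the host part of a page URL into the pieces the dialog and the
	 * ZoneMap registry layout need, and stores them on myDomain.
	 *
	 * sURL comes from the page that was right-clicked, so it is untrusted input.
	 * The host is used later both as part of a registry path and as text written
	 * into the dialog, so it is only accepted when it consists of host-name
	 * characters (letters, digits, ".", "-", "_"), optionally followed by
	 * ":port". A host carrying user-info ("user@host") or any other character is
	 * rejected before anything is stored.
	 *
	 * @param sURL     full URL, ex: "http://forums.overclockers.co.uk/index.php"
	 * @param myDomain record to fill in: hostname, domain, subdomain (for display)
	 *                 and reg_domain, reg_subdomain, reg_subdomainEx (for the
	 *                 registry). All six are overwritten on success.
	 * @returns true on success; false for a URL without a "scheme://host/" part,
	 *          a res:// URL, a host with unexpected characters, or a dotted
	 *          IPv4 address (IP addresses aren't supported yet). In the IPv4
	 *          case myDomain.hostname has already been set.
	 */
	function parseDomain(sURL, myDomain) {
		var posScheme = sURL.indexOf("://");
		var posProto = posScheme + 3;
		var posSlash = sURL.indexOf("/", posProto);

		// error: no "://" at all or nothing in front of it, an IE resource page,
		// or no "/" terminating a non-empty host
		if (posScheme < 1 || sURL.indexOf("res://") == 0 || posSlash <= posProto)
			return false;

		var sHost = sURL.substring(posProto, posSlash);

		// error: the host contains something other than host-name characters
		// NOTE(review): a ":port" suffix is still let through as before and ends
		// up inside the last label; confirm whether the port should be dropped
		// before the registry names are built.
		if ( !/^[A-Za-z0-9._\-]+(:[0-9]+)?$/.test(sHost) )
			return false;

		myDomain.hostname = sHost;

		var sDomain = sHost.split(".");

		if (sDomain.length == 4 && isInteger(sDomain[0]) && isInteger(sDomain[1]) && isInteger(sDomain[2]) && isInteger(sDomain[3]) )
			// error (IP addresses aren't supported yet)
			return false;

		var sldTest = sDomain[sDomain.length - 2] + "." + sDomain[sDomain.length - 1];
		var posDomain;    // index of the first label of the domain shown to the user
		var posRegDomain; // index of the first label of the domain as the registry stores it

		if ( sldCheck(sldTest, "known") ) {
			// treat as a known SLD domain, ex: "domain.co.uk"
			posDomain = sDomain.length - 3;
			posRegDomain = sDomain.length - 3;
		}else if ( sldCheck(sldTest, "unknown") ) {
			// treat as an unknown SLD domain, ex: "domain.org.uk": the registry
			// key is the bare SLD and "domain" becomes part of the sub-domain
			posDomain = sDomain.length - 3;
			posRegDomain = sDomain.length - 2;
		}else{
			// treat as standard TLD domain, ex: "domain.com"
			posDomain = sDomain.length - 2;
			posRegDomain = sDomain.length - 2;
		}

		// a host with fewer labels than the pattern expects has no sub-domain part
		if (posDomain < 0) posDomain = 0;
		if (posRegDomain < 0) posRegDomain = 0;

		// user interface version
		myDomain.subdomain = sDomain.slice(0, posDomain).join(".");
		myDomain.domain = sDomain.slice(posDomain).join(".");

		// IE Registry-friendly version
		myDomain.reg_subdomain = sDomain.slice(0, posRegDomain).join(".");
		myDomain.reg_subdomainEx = (posRegDomain > 0) ? sDomain[posRegDomain - 1] : "";
		myDomain.reg_domain = sDomain.slice(posRegDomain).join(".");

		// success
		return true;
	}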

</script>

<html>
<title>Internet Explorer - Trusted Zone Helper</title>
<body style="padding:.5em; margin:0em; overflow:hidden; background-color:ButtonFace;">
<!-- Dialog layout: the site's icon and host name, two radios for the whole domain
     (option1 / option2), two for this host only (option3 / option4), and the
     Apply / Cancel buttons wired to buttonApply() and buttonCancel(). -->
<!-- NOTE(review): the inline scripts below hand myDomain.hostname and
     myDomain.domain to document.write() without HTML-encoding them. Both values
     are cut out of the URL of the page that was right-clicked, and the script of
     this dialog creates a WScript.Shell object, so markup arriving through them
     would be parsed inside a page that holds that object. Confirm that the
     values are limited to host-name characters before they reach this point, or
     insert them as text instead of markup. -->
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="font:8pt Tahoma, MS Shell Dlg; color:WindowText; font-weight:normal; padding:.5em;">
  <tr>
    <td colspan="3" style="font-weight:bold;">How do you want to trust this domain?</td>
  </tr>
  <tr>
    <td rowspan="2">
	<div style="width:4em; text-align:center; vertical-align:middle; margin:auto;">
	<img src="tzhlp.gif" id="icon" style="margin-right:.0em;" onError="this.src='tzhlp.gif';">
	</div>
    </td>
    <td><div align="right">Domain:</div></td>
    <td width="100%"><script language="javascript">document.write(myDomain.hostname)</script></td>
  </tr>
  <tr>
    <td><div align="right">Publisher:</div></td>
    <td width="100%">Unknown<script language="javascript">//document.write(myDomain.reg_domain + "\\" + myDomain.reg_subdomain + "\\" + myDomain.reg_subdomainEx)</script></td>
  </tr>
  <tr>
    <td colspan="3">
	<input onpropertychange="updateRadios();" name="domainMode" id="option1" type="radio">
	<label for="option1">Always trust content from &quot;*.<script language="javascript">document.write(myDomain.domain)</script>&quot;</label>
	<br>
	<input onpropertychange="updateRadios();" name="domainMode" id="option2" type="radio" checked>
	<label for="option2">Never trust content from &quot;*.<script language="javascript">document.write(myDomain.domain)</script>&quot;</label>
	<br>
	<input name="fullMode" id="option3" type="radio" disabled>
	<label for="option3">Always trust content from &quot;<script language="javascript">document.write(myDomain.hostname)</script>&quot;</label>
	<br>
	<input name="fullMode" id="option4" type="radio" disabled checked>
	<label for="option4">Never trust content from &quot;<script language="javascript">document.write(myDomain.hostname)</script>&quot;</label>
	</td>
  </tr>
  <tr align="right">
    <td colspan="3">
	<input onClick="buttonApply();" name="Apply" id="button1" type="button" value="Apply" style="font:8pt Tahoma, MS Shell Dlg; color:WindowText; font-weight:normal; width:8em; height:2.2em;">
	&nbsp;
	<input onClick="buttonCancel();" name="Cancel" id="button2" type="button" value="Cancel" style="font:8pt Tahoma, MS Shell Dlg; color:WindowText; font-weight:normal; width:8em; height:2.2em;">
	</td>
  </tr>
</table>
</body>
</html>

<script language="javascript">
	// Use the site's own favicon.ico as the dialog icon; the <img> element's
	// onError handler puts tzhlp.gif back when it cannot be loaded.
	// NOTE(review): this requests http://<host>/favicon.ico as soon as the dialog
	// opens, i.e. before the user has decided whether to trust the host, and
	// always over plain http, even when the page itself was loaded over https.
	document.getElementById("icon").src = "http://" + myDomain.hostname + "/favicon.ico";

	// Preselect the options that match what was read from the Registry.
	// Modes 0 (not trusted at all) and 1 (only other sub-domains are trusted)
	// keep the defaults from the markup.
	if (myDomain.reg_mode === 2) {
		// this specific subdomain is trusted
		document.getElementById("option1").checked = false;
		document.getElementById("option3").checked = true;
	} else if (myDomain.reg_mode === 3) {
		// whole domain is trusted
		document.getElementById("option1").checked = true;
	}

	// remove the annoying focus-rects from every radio and button:
	(function () {
		var aIds = ["option1", "option2", "option3", "option4", "button1", "button2"];
		for (var n = 0; n < aIds.length; n++) {
			document.getElementById(aIds[n]).hideFocus = true;
		}
	})();
</script>


License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Software Developer (Senior)
United Kingdom United Kingdom
I am the lead developer of numerous .NET-based networking and communication server systems for Windows, for a company based in Cambridge. Including SMS/SMPP, VOIP and VoiceXML technologies.
