Event 1034 - Cross-Domain Barrier and Script URL Mitigation
Published: June 11, 2010
Updated: June 11, 2010
Applies To: Windows 7, Windows Vista
In earlier versions of Internet Explorer, before Windows Internet Explorer 7, script URLs were treated like any other URL, allowing navigation to occur. This navigation also allowed the script source to have access and run in the current window. In Windows Internet Explorer 8 and Internet Explorer 7, script URL mitigation removes the script from the script URL, effectively stopping navigation from places that are considered unsafe. Internet Explorer then runs the script in the domain context of the Web page from where it came instead of navigating to the page.
How This Issue Appears to the User
If the script URL navigation occurs from a questionable location or Internet Explorer is unable to retrieve the domain context, the navigation is blocked and the user receives a script error message in the Status Bar. If the Web page relies on this blocked navigation, it might become partially unusable, so that when the user clicks a link or button, nothing happens.
What are the Possible Causes of This Issue?
The form element’s
When Is This Event Logged?
This event is logged when a Web page attempts to run a script URL across a domain.
|For more information and examples, see the Event 1034-Cross-Domain Barrier and Script URL Mitigation topic from Internet Explorer Application Compatibility.|
To enable the script URL to redirect the navigation to a Web site, you can change the way the script runs by using an event handler, an inline script, or provide a call to the execScript method.
Using an Event Handler
You can change the
Using an Inline Script
You can run the script URL code, by using an inline script tag. For example:
<script> doSomething() </script>
Using the execScript Method
You can call the execScript method to run your script URL code. For example, you can change
How Can I Work Around This Issue?
You can work around the script URL mitigation security feature by turning off the following registry key:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\ FEATURE_SCRIPTURL_MITIGATION]"iexplore.exe"=dword:00000000
What Happens If I Disable This Security Feature?
If you disable this security feature, you will be more prone to cross-domain attacks. Disabling this feature should only be used as a temporary measure during troubleshooting, to compare the behavior of the application when the feature is enabled and when it is disabled. It is not recommended that this feature be left disabled on an ongoing basis.