The Mark of the Web, or MotW, is an HTML comment which makes Internet Explorer act as though it were loading the HTML document from a remote host rather than a local host.

<!-- saved from url=(0023) -->

Recent versions of Internet Explorer have default security options installed which help prevent users from accidentally allowing scripts and other active content from harming their computers. This makes sense, because most Microsoft Windows users who only have a surface-level understanding of the World Wide Web use Internet Explorer with its default settings.

Unfortunately, these default settings include a distinction between content loaded from a local drive, such as the computer's hard drive or a USB jump drive, and content loaded from a remote host, such as a web server. This causes problems when running scripts on locally-hosted HTML documents, because while active content will happily run without problems from a remote server, they will trigger a warning on a local host.

To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer. Click here for options…

This warning pops up in a yellow bar at the top of Internet Explorer's content area. A user may click the bar and choose to allow the script to run, but many will be put off by the warning and disable the content. If you're testing scripts by running them on your local machine, this warning can become very obnoxious when it pops up repeatedly. If you have a locally-hosted HTML document, such as a help file on a CD-ROM, a cautious user could lose most of the features by leaving it disabled.

This is a legitimate concern. While most active content is restricted by design from accessing files on an end user's remote computer, some of it can access files on the server it's running on. When you're running this content on a local drive, that server becomes the end user's computer. This could be taken advantage of by malicious 3rd parties. However, Internet Explorer is the only major web browser which has this security feature enabled by default.

As a workaround for their own security feature, Microsoft has implemented an HTML comment known as the Mark of the Web. This allows locally-hosted help documents and web pages downloaded from a remote server to ignore the distinction between locally-hosted content and remotely-hosted content. The end result being that the warning doesn't pop up. You can see this if you "Save as…" a web page as a "Web page, complete" document. Internet Explorer will insert the MotW between the doctype declaration and the opening HTML tag.

The format of the Mark of the Web is the same as a regular HTML comment, containing information about what URL originally hosted the page. In the everything2 example above, you will notice a number in parenthesis before the URL. This is a double-check for the mark, it must be equal to the number of characters in the URL, including the ending forward slash if present.

For coders testing JavaScript on their local machines, a placeholder MotW is useful to include by default to prevent this issue.

<!-- saved from url=(0014)about:internet -->

For more information:

Log in or register to write something here or to contact authors.