OK, OK... I know that you normally cannot write to a client computer from a web browser unless you open up the browser security. This application will run in a pretty secure environment and relaxing security is not an option. This is a web application running on our intranet and I am willing to jump through whatever hoops are necessary, getting the code signed (we have a certificate server we can use), whatever.

Can somebody tell me -
1. Can you do this?
2. How? What are the steps?

Thanks (a lot) in advance,

Steve

You can prompt a user to download something through the use of an http header, but modifying a text file on the users machine sounds impossible from the server. There is no good way to communicate with the client and the server, it would be a huge security risk for the client and the server if it were possible. You can play with server applications of course, but through the browser might not be an option.

1. Yes, provided you don't mind running Internet Explorer on Windows with the security restrictions turned right down.

2. Your script needs to create an instance of the FileSystemObject (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/FSOoriFileSystemObject.asp), which can then manipulate the files. You will also need to set the IE security settings for the appropriate zone (preferably either Local Intranet or Trusted Sites) to allow ActiveX access by scripts. I'm afraid I can't remember the exact settings, but I'll test it when I get access to a Windows machine.

Here's an example of creating and writing a file in JScript (untested due to lack of Windows on my current machine):
var fso = new ActiveXObject('Scripting.FileSystemObject');
var newFile = fso.CreateTextFile('C:\\myfile.txt');
newFile.WriteLine('Hello World');
newFile.Close();

Adam

ugh I forgot about activex... one of the worst features/bugs in ie.

I've justed tested it. The script works, with the message "An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" There is probably a setting to allow it to run without the message, but I can't find it ATM.

Adam

Try renaming the file to one with an .HTA extension instead of .HTM

The HTA is a good idea. I've had it too. You get a warning message everytime you link to the HTA but I can live with that. What I haven't been able to figure out is how to pass parameters from the web page to the HTA. I haven't had time to test it but I thought I might try a link something like
c:\appdir\app.hta?paramter1#parameter2
and see if I can parse the parameters out in the hta.

What do you think?

Hey Adam,

Thanks for the reply. I have done quite a bit of testing with the FSO object. It works perfectly as long as the security settings can be relaxed enough to either let activex object run or prompt to let them run. I can't do that. I am at a military installation and they are *rather* strict about security. It is exactly what I want to do though. I wish there was some way to package it up and sign it and let the user decide whether or not they want a script/program coming from the signee to run. That's what I can't figure out.

We have set up a certificate server to validate digital signatures and have signed some exe's. I am going to be testing with those to try and determine what capabilities, if any, that gives me.

Know anything about passing parameters to an .HTA ? That would work too...

Thanks again for the reply.

Steve

You may be able to get the security restrictions lowered for your code only by adding the appropriate server to the Trusted Sites zone, which runs with lower privileges. In general, though, it's right to be cautious about allowing this for obvious reasons - you don't want just anybody accessing your filesystem.

You may also be able to do something using a signed ActiveX, rather than the generic scripted FSO, but that's not my area of expertise.

You should be able to pass parameters to the HTA using something like the example you gave, except parameters are normally key-value pairs seperated by ampersands, for example (nicked from location bar):

newreply.php?s=&action=newreply&threadid=44269

Adam