Loving your product, but I’m having difficulty accessing the ActiveX components from a plain .js script. Chilkat.FileAccess works fine when written within an HTA for example but not when run as a standalone script. Windows Scripting.FileSystemObject runs from a standalone script just fine, but it’s some 20x slower than your component. All my research on the matter indicates that the cause of the problem is that the ActiveX object is marked “Not Safe for Scripting”. Would you be willing to modify the component so that I may use it in this manner?
asked Jul 23 '12 at 09:48
This is a good question. A good article I would recommend about Script and IE Security is located here: http://blogs.msdn.com/b/ericlippert/archive/2004/01/13/58403.aspx
This part of the article summarizes the issue:
It wouldn't be right to mark Chilkat.FileAccess as "safe for scripting" because the intended purpose of the ActiveX is to read/write files, delete files, create/delete directories, etc. All of these things can obviously be harmful if used from an untrusted script. However, if used from a trusted script, or from a trusted Windows application (such as a VB6 app, Delphi app, etc.), then there is no issue.
Microsoft's Scripting.FileSystemObject should also be "not safe for scripting" for exactly the same reason. See http://social.msdn.microsoft.com/Forums/en/iewebdevelopment/thread/27092b49-7d3e-4d86-9ffb-223a26037c3f
The answer to your question is that it's not possible to mark the ActiveX as "safe for scripting". My suggestion for a workaround is to determine how to make your .js script a trusted script, and if trusted, then according to what the referenced article implies, you should be able to use an "unsafe" ActiveX from a trusted script.
answered Jul 23 '12 at 09:56