Using the Mark of the Web (MOTW)

If you develop websites and you add even the littlest bit of JavaScript (like the “framebuster” script I used to add to my sites), you get a warning message when you preview the site in Internet Explorer because of Active Content. I thought the only option for disabling this message was to modify my security settings (which I’m very hesitant to do, given some of the files that I receive). However, Microsoft has provided a way to disable this message for those pages that you know are safe.

Called Mark of the Web (MOTW), it’s a comment added to the <head> section that indicates what website the content belongs to. The MOTW must follow a specific format, including the number of characters in the string. For example:

<!-- saved from url=(0025) -->

The MOTW must start with the comment code and text “saved from url=“. The numbers in parentheses must match the number of characters in the URL string (including the trailing backslash).

If this is for a new site, or if the domain is not known, you can use about:internet as a valid URL. For example:

<!-- saved from url=(0014)about:internet -->

I’m slowly adding MOTW to the sites I develop…it will take awhile, but because it only helps me in development, there’s no rush.

For more information on MOTW, visit MSDN.

Don Lammers from Shadow Mountain has informed me that MOTW, when used locally, will prevent links to a PDF from opening, and users don’t receive any warning as to why the links aren’t working. If you have to create links to PDF files, you won’t be able to use MOTW. This only affects those folks developing local HTML-based Help.