Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

This topic lists the values and actions that are available in a URL security zone.

The following table shows the values associated with the actions that can be taken in a URL security zone.

Constant Description

URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY

The user can decide whether to load and script a Microsoft® ActiveX® control that is not safe.

URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY

Determines if ActiveX safety for untrusted data can be overridden.

URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY

Determines if the ActiveX control object safety is overridden or enforced for pages in the URL security zone. Object safety should be overridden only if all ActiveX Controls and scripts that might interact with them on pages in the zone can be trusted not to breach security. This is an aggregate of URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY.

URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY

Determines whether ActiveX safety for scripting is overridden.

URLACTION_ACTIVEX_RUN

Manages the execution of ActiveX Controls and plug-ins from HTML pages in the zone.

URLACTION_COOKIES

Determines if HTTP persistent cookies are allowed. This flag is used only when Platform for Privacy Preferences (P3P) is not included in your OS design.

URLACTION_COOKIES_ENABLED

Determines if HTTP cookies can be set and retrieved. This flag is used when P3P is included in your OS design.

URLACTION_COOKIES_SESSION

Determines if HTTP session cookies are allowed. This flag is used only when P3P is not included in your OS design.

URLACTION_COOKIES_SESSION_THIRD_PARTY

Determines if third party HTTP session cookies are allowed. This flag is used only when P3P is not included in your OS design.

URLACTION_COOKIES_THIRD_PARTY

Determines if third party HTTP persistent cookies are allowed. This flag is used only when P3P is not included in your OS design.

URLACTION_CREDENTIALS_USE

Determines how the user's credentials are used over the network.

URLACTION_CROSS_DOMAIN_DATA

Determines if the resource is allowed to access data sources across domains.

URLACTION_DOWNLOAD_CURR_MAX

The maximum value of the URL action download flags.

URLACTION_HTML_CURR_MAX

The current maximum value of the URL action HTML flags.

URLACTION_HTML_FONT_DOWNLOAD

Determines if HTML font downloads are allowed.

URLACTION_HTML_JAVA_RUN

Determines if Java language applets are allowed to run.

URLACTION_HTML_META_REFRESH

Determines if the HTML content on the Web page is refreshed.

URLACTION_HTML_MIXED_CONTENT

Determines if unsecured content download is allowed on a secure Web page.

URLACTION_HTML_SUBFRAME_NAVIGATE

Determines if subframes are allowed to navigate across different domains. This value was introduced for Microsoft Internet Explorer 5.

URLACTION_HTML_SUBMIT_FORMS

Determines if HTML forms on pages in the URL security zone, or submitted to servers in the zone, are allowed. Aggregate of the URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO flags.

URLACTION_HTML_SUBMIT_FORMS_FROM

Determines if form submissions from pages in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.

URLACTION_HTML_SUBMIT_FORMS_TO

Determines if form submissions to a server in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.

URLACTION_HTML_USERDATA_SAVE

Determines if user data persistence is enabled. This value was introduced for Internet Explorer 5.

URLACTION_SCRIPT_JAVA_USE

Determines whether script code on HTML pages in the URL security zone is allowed to use Java language applets if the properties, methods, and events of the applet are exposed to scripts.

URLACTION_SCRIPT_OVERRIDE_SAFETY

Do not use ActiveX safety for objects created by scripts.

URLACTION_SCRIPT_PASTE

Determines if scripts can do paste operations. This value was introduced for Internet Explorer 5.

URLACTION_SCRIPT_RUN

Determines if script code on the pages in the URL security zone is run.

URLACTION_SCRIPT_SAFE_ACTIVEX

Determines if scripting of safe ActiveX Controls is allowed.

URLACTION_SHELL_FILE_DOWNLOAD

Determines if file downloads are permitted from the URL security zone of the HTML page with the link that is causing the download.

URLACTION_SHELL_INSTALL_DTITEMS

Determines if desktop items can be installed.

URLACTION_SHELL_MOVE_OR_COPY

Determines if move or copy operations are allowed.

URLACTION_SHELL_VERB

Determines if launching of applications and files is permitted from the URL security zone.

URLACTION_SHELL_WEBVIEW_VERB

Determines if executable files and HTML pages can be launched from WebView. There is no user interface that affects this URL action.

Cookies are disallowed when the URLPOLICY_QUERY policy flag is applied to the following policies. For more information about policy flags, see URL Policy Flags.

  • URLACTION_COOKIES

  • URLACTION_COOKIES_ENABLED

  • URLACTION_COOKIES_SESSION

  • URLACTION_COOKIES_SESSION_THIRD_PARTY

  • URLACTION_COOKIES_THIRD_PARTY

Requirements

Header urlmon.h, urlmon.idl
Windows Embedded CE Windows CE .NET 4.0 and later
Windows Mobile Windows Mobile Version 5.0 and later