IE8 Refuses to run Javascript from Local Hard Drive

I have a problem that just started at work recently and the network manager is certain he did not change anything with the group policy. Anyways, here is a detailed description of the problem.

My machine is Windows XP SP3, and I use IE8 to browse. We have McAffee anti-virus software that I am unable to configure. I use the following file to test...

<!DOCTYPE html>
<html>
  <head>
    <title>Javascript Test</title>
  </head>
  <body>
    <script type="text/javascript">
      document.write("<h1>PASS</h1>");
    </script>
    <noscript>
      <h1>FAIL</h1>
    </noscript>
  </body>
</html>

When I open this file from the C: drive, it fails every time. If I execute it anywhere else (local/remote web server or on a mapped network drive), it works just fine. When I am simply browsing the Internet, Javascript on web sites works just fine. It is only failing on files running from my C: drive. Additionally, I have had a couple other programmers in the department try this file on their C: drive, and it works fine for them. So I don't believe it is a group policy thing.

I need to fix this because I do extensive testing from my C: drive, and I am accustomed to doing so. I don't want to get into the habit of moving files to a different drive just to test.

Things I have tried:

• Enabled "Allow Active Content to Run Files on My Computer" in Options | Advanced | Security
• Enabled "Allow Active Scripting" in Options | Security | Custom Level
• Verified that "Script" was not checked as disabled in Developer Toolbar
• Added localhost to Trusted Sites in Options
• Disabled McAffee completely (momentarily, with help from network admin)
• Used an older DOCTYPE in my test HTML page
• Re-installed IE8 completely
• Ran regsvr32 on the JScript.dll
• Slammed keyboard

I am sure that there is a setting somewhere that will fix this problem, possibly in the registry. I would not be surprised if it was related to the developer toolbar. At this point I do not know where else to look.

Can anyone help me resolve this problem?

EDIT: Regardless of the bounty, this issue is still ongoing.

Adding localhost to Trusted Sites does not work. I realize that I can setup a server, and I do use one for my primary development. But sometimes I will just write a quick and dirty test (on occasion, for answering a question on this web site!) and save it on the desktop, where I can easily execute and delete it. I've grown accustomed to doing this, and it works fine on all my other computers except this one. Something is the matter, and there must be a way to correct it.

I understand my work-around options, and I have several of them at-hand. However, what I really want to do is figure out why this is not working on this particular machine. As mentioned in my question and in other comments, I have grown quite accustomed to writing quick and dirty Javascript tests on my desktop. I've been doing it since 2000, at least. It's a hard habit to break and it ticks me off when I have to change the way I work just because one particular machine decides to give me a hard time. It's ridiculous and far from ideal. There must be a solution.

the problem might very well be related to the McAfee security suite (which you can't configure?). so, again, a virtual machine without McAfee is one quick way to find out. i mean, there is no real trouble-shooting possible if you can't eliminate the main suspect, is there?

Could it be version of Windows / Internet explorer? It is since (I think) SP2 of XP that javascript was blocked locally.

... updated - Have you checked for - i50.tinypic.com/29vcx15.jpg

@Wil Yes, and I mentioned that in the question. I've included a couple more things I have tried in the question as well.

"trying to disable" is a quite strechable expression. are there any identical machines in your company? then have one cloned onto your machine if that is feasible. speaking of cloning, create a full drive image, and then start ripping it apart if you're really interested in the cause. not very cost efficient and i would only do it to satisfy my professional curiousity.

Let me rephrase that... using administrative privelages, we completely disabled all McAffee services on my machine and it did not fix the issue. Two colleagues have identical machines as me, and they do not have the problem. Identical is stretching it, because obviously I have my own personal settings stored in my user profile. I have tried signing on to one of those identical machines, and when I do that, everything works fine. Issue is completely localized to this machine, and I can't ghost over it because then I will lose all my local settings for apps like Visual Studio, etc. Thanks :)

of course, if they were 100% 'identical' you wouldn't be able to run local java scripts in IE on them :) anyway, i don't know how the cost factor is weighed in your company, but migrating your settings to a clone (after backing up your entire drive) seems to be still the easiest way. as for me, i am unable to reproduce the error (all is well here), so i can only engage in guesswork (which i hate! :).

I know it; problems like this typically go unsolved unless they are reproduced. I am trying to re-create the problem on another machine. Thanks anyways :)

Darn, I thought this would work, but no dice. The problem still exists. Thanks for the answer, though!

did you reboot after?

Changing to .hta works, but it does not open in Internet Explorer. I am aware of the work-around options, but I ultimately need to get JS to run on my C: drive within an HTML file.

No I did not, but I will try that too.

ok, usually the dcom settings won't go into effect untill you reboot. good luck!

Tried rebooting, still no luck. Darn :(

An HTA uses the same rendering engine and the same Windows Scripting Host to supply the javascript support as Internet Explorer. Why is it a requirement to open in Internet Explorer? I would argue that while technically it is not launching iexplore.exe - it effectively is running identically to how it would in the browser with more lax security restrictions. If you needed it to potentionally run in other browsers or other operating systems, that would drive the requirement... but I don't see that from your question or comments.

Thanks, but the DWORD was already there, and set to 0 :(

It does not appear to allow me to add the C: to the trusted sites zone. It gives me some stupid invalid wildcard sequence message. I've compared all the ActiveX settings with my colleagues, and they are identical.

Nice thought. It's still a workaround of course, but nice idea!

...and that don't requre any change to your security policies, IE settings...

I'm not sure I'd call this a workaround, if it actually solves the poster's problem. Microsoft specifically suggests it: "You should add a MOTW to every HTML document whose contents would be restricted by Internet Explorer's Local Machine zone lockdown security feature. Following are examples of when to insert a MOTW....You need to preview Web pages locally before uploading them to a Web site." --From msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx

It works, but it is lame. Thanks :)

Why it's lame? It's better by far than lowering security of your whole system for just one page (and sometimes it's not even possible). Mark of the Web are here for that and it's the best solution for this kind of "problem" IMO. If there is something lame, it's IE! :)

It's lame because: a) it does not solve the problem. b) it essentially forces local content to run in the security for the given web site (web content has less security restrictions than local content...? seems a little backwards to me!). This makes sense for the scenario that davidcl described, but the fact that it works around the issue I am having just makes the situation even more daunting.

Why do you say it does not solve the problem when your last comment said it worked? Yes web content is "less" secure than local content (at least for JavaScript execution).

Solving the problem != conspicuously working around the problem.

Yeah but I think the "problem" in question is just normal IE and or security software behavior which you can't control as you are non-admin.

It is not normal, because none of the other programmers have the problem I have.

But are you in the same user group as them? Whith the exact same rights? Since you have no control on the rights you have, we can't actually help you more than giving workarounds... Ask your admin to be put in their group to see if it's changing something.

@kentaromiura: Just a year late, but since the OP problem only occurs when file:// is used, in that particular case it's a perrfectly suitable solution.