Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. How to prevent cross-domain drag-and-drop functionality in Internet Explorer

How to prevent cross-domain drag-and-drop functionality in Internet Explorer

Summary

Windows Internet Explorer enables you to select content in a webpage, drag it by using the mouse, and drop it elsewhere in the same webpage or in a webpage in a different Internet Explorer window.

After you install the cumulative update for Internet Explorer that is dated August 9, 2011, you can choose to prevent the drag-and-drop of content into a webpage that originates in a different domain. This can help avoid attacks where a malicious site may trick you into unknowingly selecting possibly sensitive content from one website and dropping the content into a possibly malicious website.

For more information about the cumulative update, click the following article number to view the article in the Microsoft Knowledge Base:
2559049 MS11-057: Cumulative Security Update for Internet Explorer: August 9, 2011

↑ Back to the top

This article describes how to enable a fix to prevent the drag-and-drop of content into a webpage that comes from a different domain.

To have us enable this fix for you, go to the "Fix it for me" section. If you would rather enable this fix yourself, go to the "Let me fix it myself" section.

↑ Back to the top

Fix it for me

To enable this fix automatically, click the Fix this problem link under the "Enable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.


To undo the fix and restore the original settings, click the Fix this problem link under the "Disable this fix" heading. Then, click Run in the File Download dialog box, and follow the steps in the wizard.


Enable this fixDisable this fix

Notes
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

↑ Back to the top

Let me fix it myself

To enable this fix yourself, modify the following registry subkeys by using the values that are listed in the following registry value table.

Note Each subkey affects whether you can drag-and-drop content into a webpage in a particular Internet Explorer security zone.

To enable this fix for webpages in the Internet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

To enable this fix for webpages in the Local Intranet zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1

To enable this fix for webpages in the Trusted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

To enable this fix for webpages in the Restricted Sites zone:
HKEY_ LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4

To enable this fix for webpages in the Local Machine zone:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

Registry value

Value NameData typeValueMeaning
2708dword0x03Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain but in the same window
2709dword0x03Prevent the dragging of content from a webpage and dropping it into a webpage from a different domain in a different window

Note These settings do not affect your ability to copy-and-paste content from one webpage to another webpage.

↑ Back to the top

Keywords: kbfixme, kbmsifixme, kbexpertiseinter, kbprb, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2581921
Revision : 1
Created on : 1/7/2017
Published on : 8/9/2011
Exists online : False
Views : 82