Today, I did a test. The source code is quite simple. Programmers on earth all know what to write, but there is a place that is always ignored. The security level of IE should be changed, otherwise, the system EXE file you are calling will not be jumped out of the list ~~~~~~~~ The source code is as follows:
<! Doctype HTML public "-// W3C // dtd xhtml 1.0 transitional // en" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <HTML xmlns = "http://www.w3.org/1999/xhtml"> Program : <Br> <input name = "EXE" type = "text" size = "20" value = "Regedit"> <button type = "button" onclick = "Run (exe. value) "> OK </button> <button type =" button "onclick =" exe. value = ''"> re-enter </button> <br> <button type = "button" onclick = "Run ('C: \ windows \ system32 \ notepad.exe ') "> notepad </button> <br> <button type =" button "onclick =" Run ('C: \ windows \ system32 \ mspaint.exe ') "> graphic Board </button> <br> <button type =" button "onclick =" Run ('C: \ Windows \ system32 \ calc.exe ') "> calculator </button> <br> <button type =" button "onclick =" Run ('C: \ Windows \ system32 \ cmd.exe ') "> CMD </button> <br> <button type =" button "onclick =" Run ('C: \ Windows \ regedit.exe ') "> registry </button> <br> <button type =" button "onclick =" Run ('C: \ Windows \ pchealth \ helpctr \ binaries \ msconfig.exe ') "> msconfig </button> <br> </body>
The security level is changed as follows:
The effect is as follows: