Windows XP SP2的WRSF安全特性導致IE使用window.open和window.showModalDialog的status=no無法關閉狀態列

          前段時間在忙一個asp.net物品管理系統，其中用到了window.showModalDialog()來彈出模態的對話方塊，其中使用了status=no使對話方塊不顯示難看的狀態列，但是發現在Intranet地區即本網（http://localhost）原本使用好好的，但是到了Internet地區狀態列卻又顯示出來了，怎麼改代碼都無濟於事，似乎status=no失去了作用。後來在Microsoft網站上找到了如下資料：

資料源地址：http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx#E6SAE

Internet Explorer Using Feature Control Registry Settings with Security Zone SettingsWhat do Feature Control Registry Settings and Security Zone Settings do?

Feature Control registry settings are provided in Windows XP SP 2 so that a specific process can be configured to opt-in to a particular security feature. In the following example, Internet Explorer has been configured to use the Windows Restrictions security feature（WRSF）:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\Internet Explorer\Main\FeatureControl
\FEATURE_WINDOWS_RESTRICTIONS] iexplore.exe=1

Once a process has been configured to use a security feature, the security feature is running and security zone settings can be applied for more precision, if implemented for that feature. In the Security Settings tab of Internet Options, the user can adjust these settings for many of the new Windows XP SP2 feature controls. If you select Enable, it lowers the security settings and allows the behavior to run less securely, or in the same manner as it did in Windows XP Service Pack 1. For example, if Windows Restriction is set to Enable in the Intranet zone, Windows Restrictions will not be applied — script-initiated windows can be opened as freely as in Windows XP SP1. The Windows XP SP2 restrictions can be applied again by setting the security zone setting to Disable, which blocks the less-secure behavior while the feature control is enabled for that process.

For example, if the feature is turned on for Windows Restrictions, this feature:

•	Forces the status bar to be present in script-initiated Internet Explorer windows with the title bar [those that were created with window.open()].
•	Constrains the size and positioning of script-initiated Internet Explorer windows that have title and status bars to ensure that the title bar and the status bar in these windows is always visible to the user.

        我特意將關鍵的話語加粗變紅，原來這是Windows XP SP2的新安全特性Windows Restrictions security feature（WRSF），為了安全，SP2特意強制將彈出的標題列和狀態列都顯示，讓瀏覽者知道自己正在訪問哪個地址哪個網頁，防止惡意欺騙。此特性對Internet地區有效，而對本地的Intramet地區無效，就是說在XP SP2下使用代碼status=no控制視窗無狀態欄已經無效了。解決方案除了上述的修改用戶端註冊表索引值關閉WRSF特性，或者還有一種解決方案就是在用戶端上將系統的網站地址加入IE屬性“安全”選項中的“本地Intranet”地區。不過這樣好像就失去了B/S系統的最大優點，用戶端這麼多，不可能要求每個使用系統的人都這樣設定，所以只能繼續讓狀態列顯示。