Option to disable JScript execution in Internet Explorer

Applies to: Internet Explorer 11

Summary


A new URL action, URLACTION_ALLOW_JSCRIPT _IE (140D), enables the JScript execution policy to be configured per Security Zone or Security Zone Template. You can specify the following values for this URL action:

Enabled (default setting)

URLPOLICY_ALLOW

Disabled (recommended setting for Internet Zone, Restricted Sites Zone, and High and Medium-High Security Zone templates)

URLPOLICY_DISALLOW

Prompt

URLPOLICY_QUERY


This article describes how to disable JScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone.

Important To use the URL action that is described in this article, you must have Cumulative security update for Internet Explorer: April 11, 2017 or a later update installed.

More information


Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To manually edit the registry and disable JScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone, follow these steps:

  1. Click Start, click Run, type regedt32 or regedit, and then click Ok.
  2. To disable JScript execution in Internet Zone, locate the following registry subkey in Registry Editor:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140D

    To disable JScript execution in Restricted Sites Zone, locate the following registry subkey in Registry Editor:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140D

     
  3. Right-click the appropriate registry subkey, and then click Modify.
  4. In the Edit DWORD (32-bit) Value dialog box, type 3.
  5. Click OK, and then restart Internet Explorer.

To restrict JScript from executing scripts for emulated applications such as a 32-bit application running on a 64-bit device, follow these steps:

  1. Click Start, click Run, type regedt32 or regedit, and then click Ok.
  2. To disable the emulated application, locate the following registry subkey in Registry Editor:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140D
  3. In the appropriate subfolder, create a registry value of type DWORD and name it EnableJScriptMitigation.
  4. In the Edit DWORD (32-bit) Value dialog box, type 1.
  5. Click Ok.

Scripts from MSXML

If you run Windows 8 or Windows 8.1, you must have either the Monthly Rollup (MR) or both the Security-Only (SO) update and the Internet Explorer Cumulative Update (IECU) to use this feature. In addition to enabling the feature by using a feature control key, you must also change the registry keys accordingly to restrict JScript from being loaded through MSXML.

To restrict JScript from executing scripts from MSXML3 and MSXML6, follow these steps:

  1. Click Start, click Run, type regedt32 or regedit, and then click Ok.
  2. To disable Script execution through MSXML3 and MSXML6, locate the following registry subkey in Registry Editor:

    For x86-based devices
    • For MSXML3: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSXML30
    • For MSXML6: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSXML60
    For x64-based devices
    • For MSXML3: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSXML30
    • For MSXML6: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSXML60
  3. In each appropriate subfolder, create a registry value of type DWORD and name it EnableJScriptMitigation.
  4. In the Edit DWORD (32-bit) Value dialog box, type 1.
  5. Click Ok.

Notes

  • After you apply these settings, Internet Explorer will not run JScript from websites that use Internet Explorer’s legacy document modes (Internet Explorer 9 and earlier versions), and that are in the Internet Zone or Restricted Sites Zone. To restore JScript execution in a Security Zone, set the value of the corresponding registry subkey to 0, and then restart Internet Explorer.
  • Before you apply these settings when you run Windows 8, Windows 8.1, Windows 10, version 1507 (initial version released July 2015), Windows 10, version 1703 (Creators Update), or Windows 10, version 1709 (Fall Creators Update) on your device, the feature must be enabled through an Internet feature control key (also known as feature control key). For instructions about how to configure a feature control key, see the Internet Feature Control Keys topic on the Microsoft Docs website.