Web上使用ActiveX控件时,用两种安全防护,一是下载,二是使用。对于未签名的ActiveX控件,在IE的选项中有相应处理。我们不考虑下载,假定控件已在用户机注册(可能是额外的小安装包),因为未签名,所以仍会弹出警告提示,但实际上,在控件中实现适当接口,可以去除该警告。
以MFC的ActiveX控件实现为例,可以简单如下方式做到:
1:在CXXXCtrl(继承于COleCtrol)的声明类中:DECLARE_INTERFACE_MAP() 之前添加代码:
BEGIN_INTERFACE_PART(ObjectSafety, IObjectSafety)
INIT_INTERFACE_PART(COleControl, ObjectSafety)
STDMETHOD(GetInterfaceSafetyOptions)(REFIID, DWORD __RPC_FAR *, DWORD __RPC_FAR *);
STDMETHOD(SetInterfaceSafetyOptions)(REFIID, DWORD, DWORD);
END_INTERFACE_PART(ObjectSafety)
2:在CXXXCtrl实现类中添加代码:
BEGIN_INTERFACE_MAP(CXXXCtrl, COleControl)
INTERFACE_PART(CXXXCtrl, IID_IObjectSafety, ObjectSafety)
END_INTERFACE_MAP()
STDMETHODIMP_(ULONG) CXXXCtrl::XObjectSafety::AddRef( )
{
METHOD_PROLOGUE(CXXXCtrl,ObjectSafety);
return pThis->ExternalAddRef();
}
STDMETHODIMP_(ULONG) CXXXCtrl::XObjectSafety::Release( )
{
METHOD_PROLOGUE(CXXXCtrl,ObjectSafety);
return pThis->ExternalRelease();
}
STDMETHODIMP CXXXCtrl::XObjectSafety::QueryInterface( REFIID iid, LPVOID FAR* ppvObj )
{
METHOD_PROLOGUE(CXXXCtrl, ObjectSafety);
return pThis->ExternalQueryInterface(&iid,ppvObj);
}
HRESULT STDMETHODCALLTYPE CXXXCtrl::XObjectSafety::GetInterfaceSafetyOptions
(REFIID riid, DWORD __RPC_FAR
*pdwSupportedOptions, DWORD __RPC_FAR *pdwEnabledOptions)
{
UNREFERENCED_PARAMETER(riid);
*pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA|
INTERFACESAFE_FOR_UNTRUSTED_CALLER;
*pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA|
INTERFACESAFE_FOR_UNTRUSTED_CALLER;
return (S_OK);
}
HRESULT STDMETHODCALLTYPE CXXXCtrl::XObjectSafety::SetInterfaceSafetyOptions(
REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions)
{
UNREFERENCED_PARAMETER(riid);
UNREFERENCED_PARAMETER(dwOptionSetMask);
UNREFERENCED_PARAMETER(dwEnabledOptions);
return (S_OK);
}
就是如此简单!