VB中实现IObjectSafety接口以声明控件安全的方法

最新推荐文章于 2017-11-01 11:25:00 发布
最新推荐文章于 2017-11-01 11:25:00 发布
阅读量1.5k 收藏
点赞数
分类专栏: asp.net vb
asp.net 同时被 2 个专栏收录
11 篇文章 0 订阅
订阅专栏
vb
4 篇文章 0 订阅
订阅专栏

VB中实现IObjectSafety接口以声明控件安全的方法  

转载自: http://www.cnblogs.com/Shana/archive/2009/06/24/VB_Iobjsafe.html

VB编写的ActiveX控件,在被Javascript脚本调用时会弹出讨厌的对话框,警告用户即将运行不安全的ActiveX脚本,因此必须要实现IObjectSafety接口以声明控件是脚本安全的,下面是具体方法:

      1. 新建一个目录作为你的工程目录;

      2. 插入VB的安装盘,进入%安装盘根目录%\COMMON\TOOLS\VB\UNSUPPRT\TYPLIB,将里面的4个文件C1.EXE、CL.EXE、MKTYPLIB.EXE、MSPDB41.DLL拷贝到刚才的工程目录中;

      3. 打开记事本,粘贴下面的代码然后另存为objsafe.odl,保存在工程目录中;

       [
          uuid(C67830E0-D11D-11cf-BD80-00AA00575603),
          helpstring("VB IObjectSafety Interface"),
          version(1.0)
      ]
      library IObjectSafetyTLB
      {
          importlib("stdole2.tlb");
          [
              uuid(CB5BDC81-93C1-11cf-8F20-00805F2CD064),
              helpstring("IObjectSafety Interface"),
              odl
          ]
          interface IObjectSafety:IUnknown {
              [helpstring("GetInterfaceSafetyOptions")]
              HRESULT GetInterfaceSafetyOptions(
                        [in]  long  riid,
                        [in]  long *pdwSupportedOptions,
                        [in]  long *pdwEnabledOptions);

              [helpstring("SetInterfaceSafetyOptions")]
              HRESULT SetInterfaceSafetyOptions(
                        [in]  long  riid,
                        [in]  long  dwOptionsSetMask,
                        [in]  long  dwEnabledOptions);
           }
       }

      4. 运行cmd进入命令行,利用CD命令进入工程目录,然后输入以下命令并回车:

            MKTYPLIB objsafe.odl /tlb objsafe.tlb

      5. 进入Visual Basic,新建ActiveX空间工程。在属性菜单里,将工程名修改为IObjSafety,控件名修改为DemoCtl。给空间中添加一个按钮,并在这个按钮的点击事件里加入一句:MsgBox "Test";

      6. 在"工程"菜单里点击"引用",接着点浏览,然后选择加入Objsafe.tlb;

      7. 给你的工程添加一个模块,模块的代码如下,模块名称为basSafeCtl;

       Option Explicit

      Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
      Public Const IID_IPersistStorage = _
        "{0000010A-0000-0000-C000-000000000046}"
      Public Const IID_IPersistStream = _
        "{00000109-0000-0000-C000-000000000046}"
      Public Const IID_IPersistPropertyBag = _
        "{37D84F60-42CB-11CE-8135-00AA004BB851}"

      Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
      Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
      Public Const E_NOINTERFACE = &H80004002
      Public Const E_FAIL = &H80004005
      Public Const MAX_GUIDLEN = 40

      Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
         (pDest As Any, pSource As Any, ByVal ByteLen As Long)
      Public Declare Function StringFromGUID2 Lib "ole32.dll" (rguid As _
         Any, ByVal lpstrClsId As Long, ByVal cbMax As Integer) As Long

      Public Type udtGUID
          Data1 As Long
          Data2 As Integer
          Data3 As Integer
          Data4(7) As Byte
      End Type

      Public m_fSafeForScripting As Boolean
      Public m_fSafeForInitializing As Boolean

      Sub Main()
          m_fSafeForScripting = True
          m_fSafeForInitializing = True
      End Sub

      8. 修改工程属性,将启动项改为Sub_Main;

      9. 在你自己的控件中,在Option Explicit后加入一行:Implements IObjectSafety;

      10. 给你的控件中加入下面的代码:

       Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
      Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)

          Dim Rc      As Long
          Dim rClsId  As udtGUID
          Dim IID     As String
          Dim bIID()  As Byte

          pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
                                INTERFACESAFE_FOR_UNTRUSTED_DATA

          If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)

              bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)

              Select Case IID
                  Case IID_IDispatch
                      pdwEnabledOptions = IIf(m_fSafeForScripting, _
                    INTERFACESAFE_FOR_UNTRUSTED_CALLER, 0)
                      Exit Sub
                  Case IID_IPersistStorage, IID_IPersistStream, _
                     IID_IPersistPropertyBag
                      pdwEnabledOptions = IIf(m_fSafeForInitializing, _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA, 0)
                      Exit Sub
                  Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub

      Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
      Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
          Dim Rc          As Long
          Dim rClsId      As udtGUID
          Dim IID         As String
          Dim bIID()      As Byte

          If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)

              bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)

              Select Case IID
                  Case IID_IDispatch
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                   INTERFACESAFE_FOR_UNTRUSTED_CALLER) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForScripting Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If

                  Case IID_IPersistStorage, IID_IPersistStream, _
                IID_IPersistPropertyBag
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForInitializing Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If

                  Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub

      11. 在"文件"菜单中点击"生成ocx文件",ok,现在你的控件已经是脚本安全的了,可以直接使用js脚本进行调用了。

cdz1022
关注
专栏目录
如何用VB安全控件(从MSDN引用)
快乐鸟的专栏
12-24 1387
总述 本文叙述了如何在VB实现控件的IobjectSafety接口,以标志该控件是脚本安全和初始化安全的。VB控件默认的处理方式是在注册表注册组件类来标识其安全性,但实现IobjectSafety接口是更好的方法。本言语包括了实现过程所需的所有代码。  请注意,控件只有确确实实是安全的,才能被标识为“安全的”。本文并未论及如何确保控件安全性,这个问题请参阅Internet Client S
再谈IObjectSafety
热门推荐
optman的专栏
07-18 2万+
都说ActiveX危险,那么为什么XmlHttpRequest以及MediaPlayer都是用ActiveX的方式创建的,却没有问题?原来,这是因为这些ActiveX组件都声明自己是脚本安全的,而IE的安全设置上,是允许脚本安全的ActiveX创建,并且不予警告的。IE怎么知道一个插件是脚本安全的?它是通过以下两个办法。一是查询ActiveX组件是否实现了IObjectSafety接口,并
VB控件实现IObjectSafety安全接口
pyluyuan的专栏
11-15 524
<br />VB控件实现IObjectSafety安全接口(zt) 本文叙述了如何在VB实现控件的IobjectSafety接口,<br /><br />以标志该控件是脚本安全和初始化安全的。<br />VB控件默认的处理方式是在注册表注册组件类来标识其安全性,<br />但实现IobjectSafety接口是更好的方法。<br />本文包括了实现过程所需的所有代码。<br />1、将以下文本复制到记事本, 并作为 objsafe.odl 项目文件夹以保存文件:<br />             
VB6.0开发ActiveX实现IObjectSafety
weixin_34111790的博客
06-04 136
VB6.0开发的ActiveX控件应用与Web程序时必须实现IObjectSafety接口.否则不能够正常使用.步骤:1:新建文件Objsafe.odl文件 [ uuid(C67830E0-D11D-11cf-BD80-00AA00575603), helpstring("VB IObjectSafety Interface"), ...
实现vb activeX控件安全性(IE不提示安全问题) 继承IObjectSafety接口
Mark的专栏
12-03 2397
从 Visual Basic 6.0 CD-ROM(安装目录) 获取 OLE 自动化类型库生成器。若要执行此操作将所有四个文件从 /Common/Tools/VB/Unsupprt/Typlib/ 文件夹复制到您的项目文件夹。将以下文本复制到记事本,,将文件保存为 Objsafe.odl 项目文件夹:[ uuid(C67830E0-D11D-11cf-BD80-00AA00575603), helpstring("VB IObjectSafety Inter
使用C#开发ActiveX控件
最新发布
06-06
3. 实现 IObjectSafety 接口,用于让 ActiveX 控件获得客户端的信任; 4. 实现控件类,包括控件的逻辑和界面设计。 四、使用 C# 开发 ActiveX 控件的示例 本文提供了一个使用 C# 开发 ActiveX 控件的示例,实现对...
Asp.net开发使用ActiveX控件
11-17
在本篇内容,我们将深入探讨如何在ASP.NET开发并使用ActiveX控件,以及在实际应用过程可能遇到的一些安全问题与解决方法。 ### 一、ActiveX控件简介 ActiveX控件是一种用于创建可重用软件组件的技术,最初由...
用.NET编写自己的ActiveX 控件
07-01
2. **实现IObjectSafety接口**:在`demoControl`类实现`IObjectSafety`接口方法。 ```csharp public void GetInterfaceSafetyOptions(Int32 riid, out Int32 pdwSupportedOptions, out Int32 ...
C#开发ActiveX控件控件的发布
12-01
通过实现`IObjectSafety`接口控件可以声明自己为安全的,限制恶意代码的访问。此外,跨域访问也可能需要配置,如使用`crossDomain.xml`文件来指定允许哪些域访问控件。 总结,开发C# ActiveX控件涉及到多个步骤,...
如何 IObjectSafety 标记 ATL 控件安全初始化
04-30
需要用来获得所需的功能在步骤涉及到 IObjectSafetyImpl 用作您的控件派生的类之一,和重写 GetInterfaceSafetyOptions 和 SetInterfaceSafetyOptions。 这使您实现所需的功能在这种情况下意味着将标记为可安全编写脚本和初始化该控件。 若要将 IObjectSafetyImpl 需要将其添加到您的控件派生的类的列表。 是例如多边形教程您看到以下: class ATL_NO_VTABLE CPolyCtl : ... public IObjectSafetyImpl // ATL's version of // IObjectSafety { public: BEGIN_COM_MAP(CPolyCtl) ... COM_INTERFACE_ENTRY_IMPL(IObjectSafety) // Tie IObjectSafety // to this COM map END_COM_MAP() STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD *pdwSupportedOptions, DWORD *pdwEnabledOptions) { ATLTRACE(_T("CObjectSafetyImpl::GetInterfaceSafetyOptions\n")); if (!pdwSupportedOptions || !pdwEnabledOptions) return E_FAIL; LPUNKNOWN pUnk; if (_InternalQueryInterface (riid, (void**)&pUnk) == E_NOINTERFACE) { // Our object doesn't even support this interface. return E_NOINTERFACE; }else{ // Cleanup after ourselves. pUnk->Release(); pUnk = NULL; } if (riid == IID_IDispatch) { // IDispatch is an interface used for scripting. If your // control supports other IDispatch or Dual interfaces, you // may decide to add them here as well. Client wants to know // if object is safe for scripting. Only indicate safe for // scripting when the interface is safe. *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER; *pdwEnabledOptions = m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_CALLER; return S_OK; }else if ((riid == IID_IPersistStreamInit) || (riid == IID_IPersistStorage)) { // IID_IPersistStreamInit and IID_IPersistStorage are // interfaces used for Initialization. If your control // supports other Persistence interfaces, you may decide to // add them here as well. Client wants to know if object is // safe for initializing. Only indicate safe for initializing // when the interface is safe. *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA; *pdwEnabledOptions = m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_DATA; return S_OK; }else{ // We are saying that no other interfaces in this control are // safe for initializing or scripting. *pdwSupportedOptions = 0; *pdwEnabledOptions = 0; return E_FAIL; } } STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions) { ATLTRACE(_T("CObjectSafetyImpl::SetInterfaceSafetyOptions\n")); if (!dwOptionSetMask && !dwEnabledOptions) return E_FAIL; LPUNKNOWN pUnk; if (_InternalQueryInterface (riid, (void**)&pUnk) == E_NOINTERFACE) { // Our object doesn't even support this interface. return E_NOINTERFACE; }else{ // Cleanup after ourselves. pUnk->Release(); pUnk = NULL; } // Store our current safety level to return in // GetInterfaceSafetyOptions m_dwSafety |= dwEnabledOptions & dwOptionSetMask; if ((riid == IID_IDispatch) && (m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_CALLER)) { // Client wants us to disable any functionality that would // make the control unsafe for scripting. The same applies to // any other IDispatch or Dual interfaces your control may // support. Because our control is safe for scripting by // default we just return S_OK. return S_OK; }else if (((riid == IID_IPersistStreamInit) || (riid == IID_IPersistStorage)) && (m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_DATA)) { // Client wants us to make the control safe for initializing // from persistent data. For these interfaces, this control // is safe so we return S_OK. For Any interfaces that are not // safe, we would return E_FAIL. return S_OK; }else{ // This control doesn't allow Initialization or Scripting // from any other interfaces so return E_FAIL. return E_FAIL; } } ... } ATL 3.0 , IObjectSafetyImpl 的实现已更改,使您现在可以作为模板参数提供安全选项。 例如,上述类的声明将显示为 class ATL_NO_VTABLE CPolyCtl : ... public IObjectSafetyImpl { public: BEGIN_COM_MAP(CPolyCtl) ... ,您将不必重写两个方法。 有关其他信息,单击下面,文章编号,以查看 Microsoft 知识库相应: 192093 PRB: 编译器错误时移植到 ATL 3.0 IObjectSafetyImpl
Activex控件的IObjectSafety接口问题
weixin_30553837的博客
11-01 105
http://blog.chinaunix.net/uid-192452-id-3150062.html 我的05年做流氓插件的时候,就注意到了这个问题,只要注册表加入类似的就可以HKEY_CLASSES_ROOT\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} HKEY_CLASSES_R...
*继承IObjectSafety接口实现vb activeX控件安全性(IE不提示安全问题)
11级风的博客
04-16 1255
原文http://support.microsoft.com/kb/182598/zh-cn 从 Visual Basic 6.0 CD-ROM(安装目录) 获取 OLE 自动化类型库生成器。若要执行此操作将所有四个文件从 /Common/Tools/VB/Unsupprt/Typlib/ 文件夹复制到您的项目文件夹。 将以下文本复制到记事本,,将文件保存为 Objsafe.odl 项目文
Eclipse启动SDK Manager报错:[SDK Manager] 'xcopy' 不是内部外部命令,也不是可运行程序。...
自强不息
03-05 903
解决方法,在path环境变量下加上C:\WINDOWS\system32;或将C:\WINDOWS\system32\xcopy.exe拷贝到android sdk目录的tools下面即可正常运行
必须要实现IObjectSafety接口,把ActiveX控件标记为安全的ActiveX控件,可以不这样做的。可以把控件注册一下就可以了
人生不要太仁慈
11-02 663
必须要实现IObjectSafety接口,把ActiveX控件标记为安全的ActiveX控件,可以不这样做的。可以把控件注册一下就可以了。如果你实在看不懂 IObjectSafety接口的定义的话。可以这样做:RegistryKey rootKeyStair ,rootKeyTwo,rootKeyThree,rootKeyFour;   rootKeyStair = Registry.Clas
解决ActiveX控件安全提示问题:实现IObjectSafety接口
确保你的控件继承自IObjectSafety,并在类实现相应的方法,以设置所需的接口安全选项。 4. 注册和部署:最后,为了使控件能够在不同环境正常工作,可能还需要进行注册,通常是在发布前使用regsvr32.exe命令注册...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值