How to Invoke a Client Program from a Web Page

http://blog.csdn.net/aoyo/article/details/5115189

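Many people's blogs carry a little widget like this: click it and you can chat with the blog owner, without having to add them as a friend. Clearly, this is Tencent invoking its own QQ client from a web page. So how do they do it?
Let's first look at the code Tencent gives us:
<a href="tencent://message/?uin=88888888&Site=JooIT.com&Menu=yes">
<img border="0" src='http://is.qq.com/webpresence/images/status/01_online.gif' alt="点击这里给我发消息">
</a>
Clearly, the trick lies in "tencent://message/?uin=215555521&Site=JooIT.com&Menu=yes". So what is the principle behind it?
Think about it: opening the local QQ client has to happen in two steps. First QQ must be located, then some parameters must be passed to it, that is, something like "uin=88888888&Site=JooIT.com&Menu=yes". For locating it, the registry is the most obvious means. But how do we get QQ running? Do we have to start a process ourselves? (We could, but why bother when there is a simpler way?) The answer is no. Windows anticipates this need and lets us register our own application as a protocol handler; for details see the MSDN article "Registering an Application to a URL Protocol".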

The registry entries for Tencent's Tencent://Message protocol are as follows:

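Now that we know the principle, let's follow the same pattern and build a demo to try it out:
Open Visual Studio 2008 (other development tools such as Delphi or VB work too) and create a new Windows Forms project. Add a Label control to the default Form1 (it is only there to display the parameter that is passed in; you can do this differently), and put the following code in the form's Load event:
this.label1.Text = strArgs; // strArgs is a string variable declared public in Form1
To make our program accept command-line arguments (a WinForms program takes none by default), we also modify the Main() function in Program.cs.
The modified code is as follows:
[STAThread]
static void Main(string[] args)
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    Form1 frm = new Form1();
    if (args.Length > 0)
    {
        // args[0] is the URL that the registry command passes in through "%1"
        frm.strArgs = args[0];
        Application.Run(frm);
    }
    else
    {
        // Started normally, without a URL on the command line
        Application.Run(new Form1());
    }
}
Compile the project.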

Now for the key step: create registry entries for our custom helloworld protocol so that the HelloWorld application supports it. Adding the following registry entries is enough. For simplicity I use a .reg file directly here; other methods work too:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\HelloWorld]
@="HelloWorld Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\HelloWorld\DefaultIcon]
@="D:\\My Documents\\Visual Studio 2005\\Projects\\HelloWorld\\release\\HelloWorld.exe,1"

[HKEY_CLASSES_ROOT\HelloWorld\shell]
@=""

[HKEY_CLASSES_ROOT\HelloWorld\shell\open]
@=""

[HKEY_CLASSES_ROOT\HelloWorld\shell\open\command]
@="\"D:\\My Documents\\Visual Studio 2005\\Projects\\HelloWorld\\release\\HelloWorld.exe\" \"%1\""

 

 

Now we can test the helloworld protocol. Type helloworld://hello world/ in the address bar and the window below appears.

Next, test it from a web page by changing the HTML code above as follows:
<html>
<head></head>
<body>
<div>
<a href="helloworld://hello world">
<img border="0" src='http://is.qq.com/webpresence/images/status/01_online.gif' alt="点击这里给我发消息">
</a>
</div>
</body>
</html>

Calling a local WinForms program from a web page works the same way.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Tencent]
@="TencentProtocol"
"URL Protocol"="D:\\Program Files\\Tencent\\QQ\\Timwp.exe"

[HKEY_CLASSES_ROOT\Tencent\DefaultIcon]
@="D:\\Program Files\\Tencent\\QQ\\Timwp.exe,1"

[HKEY_CLASSES_ROOT\Tencent\shell]

[HKEY_CLASSES_ROOT\Tencent\shell\open]

[HKEY_CLASSES_ROOT\Tencent\shell\open\command]
@="\"D:\\Program Files\\Tencent\\QQ\\Timwp.exe\" \"%1\""

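What these registry entries do is this: when the browser (or another program) encounters tencent://…, it automatically invokes Timwp.exe and passes the tencent://… address to Timwp.exe as its first argument.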

 

Registering an Application to a URL Protocol

The About Asynchronous Pluggable Protocols article describes how to develop handlers for URL protocols. In some cases, it may be desirable to invoke another application to handle a custom protocol. To do so, register the existing application as a URL Protocol handler. Once the application has successfully launched, it can use command-line parameters to retrieve the URL that launched it. These settings apply to protocol handlers launched from within Windows Internet Explorer and from Windows Explorer using the Run... command (Windows logo key+R).

Security Alert: Applications that handle URL protocols must consider how to respond to malicious data. Because handler applications can receive data from untrusted sources, the URL and other parameter values passed to the application may contain malicious data that attempts to exploit the handling application.


Registering the Application Handling the Custom Protocol

To register an application to handle a particular URL protocol, add a new key, along with the appropriate subkeys and values, to HKEY_CLASSES_ROOT. The root key must match the protocol scheme that is being added. For instance, to add an "alert:" protocol, add an alert key to HKEY_CLASSES_ROOT, as follows:

HKEY_CLASSES_ROOT 
     alert 

          URL Protocol  = ""

Under this new key, the URL Protocol string value indicates that this key declares a custom protocol handler. Without this key, the handler application will not launch. The value should be an empty string.

Keys should also be added for DefaultIcon and shell . The Default string value of the DefaultIcon key must be the file name to use as an icon for this new URL protocol. The string takes the form "path, iconindex" with a maximum length of MAX_PATH. The name of the first key under the shell key should be an action verb, such as open . Under this key, a command key or a DDEEXEC key indicate how the handler should be invoked. The values under the command and DDEEXEC keys describe how to launch the application handling the new protocol.

Finally, the Default string value should contain the display name of the new protocol. The following example shows how to register an application, alert.exe in this case, to handle the alert protocol.

HKEY_CLASSES_ROOT
     alert
          (Default) = "URL:Alert Protocol"
          URL Protocol = ""
          DefaultIcon
               (Default) = "alert.exe,1"
          shell
               open
                    command
                         (Default) = "C:\Program Files\Alert\alert.exe" "%1"

When a user clicks a link registered to your custom URL protocol, Internet Explorer launches the registered URL protocol handler. If the specified open command specified in the registry contains a %1 parameter, Internet Explorer passes the URL to the registered protocol handler application.

Launching the Handler

By adding the above settings to the registry, navigating to URLs such as alert:Hello%20World would cause an attempt to launch alert.exe with the complete URL on the command line. Internet Explorer decodes the URL, but the Windows Run... command does not. If a URL contains spaces, it may be split across more than one argument on the command line.

For example, if the link above is followed through Internet Explorer, the command line would be:

"C:\Program Files\Alert\alert.exe" "alert:Hello World"

If this link is followed through Windows Explorer, the Windows Run command, or some other application, the command line would be:

"C:\Program Files\Alert\alert.exe" "alert:Hello%20World"

Because Internet Explorer will decode all percent-encoded octets in the URL before passing the URL to ShellExecute , URLs such as alert:%3F? will be given to the alert application protocol handler as alert:?? . The handler won't know that the first question mark was percent-encoded. To avoid this issue, application protocol handlers and their associated URL scheme must not rely on encoding. If encoding is necessary, protocol handlers should use another type of encoding that is compatible with URL syntax, such as Base64 encoding. Double percent-encoding is not a perfect solution either; if the application protocol URL isn't processed by Internet Explorer, it will not be decoded.

When ShellExecute executes the application protocol handler with the URL on the command line, any non-encoded spaces, quotes, and slashes in the URL will be interpreted as part of the command line. This means that if you use C/C++'s argc and argv to determine the arguments passed to your application, the URL may be broken across multiple parameters. To mitigate this issue:

  • Avoid spaces, quotes, or backslashes in your URL
  • Quote the %1 in the registration ("%1" as written in the 'alert' example registration)

However, avoidance doesn't completely solve the problem of quotes in the URL or a backslash at the end of the URL.

Security Issues

As noted above, the URL that is passed to an application protocol handler might be broken across multiple parameters. Malicious parties could use additional quote or backslash characters to pass additional command line parameters. For this reason, application protocol handlers should assume that any parameters on the command line could come from malicious parties, and carefully validate them. Applications that could initiate dangerous actions based on external data must first confirm those actions with the user. In addition, handling applications should be tested with URLs that are overly long or contain unexpected (or undesirable) character sequences.

For more information, please see Writing Secure Code .

Example Protocol Handler

The following sample code contains a simple C# console application demonstrating one way to implement a protocol handler for the alert protocol.

using System;
using System.Collections.Generic;
using System.Text;

namespace Alert
{
  class Program
  {
    static string ProcessInput(string s)
    {
       // TODO Verify and validate the input
       // string as appropriate for your application.
       return s;
    }

    static void Main(string[] args)
    {
      Console.WriteLine("Alert.exe invoked with the following parameters.\r\n");
      Console.WriteLine("Raw command-line: \n\t" + Environment.CommandLine);

      Console.WriteLine("\n\nArguments:\n");
      foreach (string s in args)
      {
        Console.WriteLine("\t" + ProcessInput(s));
      }
      Console.WriteLine("\nPress any key to continue...");
      Console.ReadKey();
    }
  }
}

When invoked with the URL alert:"Hello%20World" (note extra quotes) from Internet Explorer, the program responds with:

Alert.exe invoked with the following parameters.

Raw command-line:
        "C:\Program Files\Alert\alert.exe" "alert:"Hello World""


Arguments:

        alert:Hello
        World

Press any key to continue...
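
The MSDN sample leaves ProcessInput as a TODO, and the HelloWorld demo earlier on this page displays args[0] unchecked. The following is an added example (not from MSDN or from the original post) of one way a handler for the alert protocol could validate its command line before acting on it; the class name SafeHandler, the 256-character limit and the character allowlist are assumptions chosen for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

namespace AlertExample
{
    // Hypothetical handler class; the name and limits are assumptions for this example.
    static class SafeHandler
    {
        const string Scheme = "alert:";
        const int MaxUrlLength = 256; // assumed upper bound on an acceptable URL

        // Assumed allowlist: letters, digits, space and a few URL-safe characters.
        // \A and \z anchor the whole string, so a trailing newline is not accepted.
        static readonly Regex AllowedPayload = new Regex(@"\A[A-Za-z0-9 ._~%-]*\z");

        // Returns the validated payload, or null when the command line is rejected.
        public static string ValidateArgs(string[] args)
        {
            // The registration passes the URL as "%1", so exactly one argument is
            // legitimate. More than one means quotes or spaces in the URL split
            // the command line, as in the "alert:Hello" / "World" output above.
            if (args == null || args.Length != 1) return null;

            string url = args[0];
            if (url.Length > MaxUrlLength) return null;
            if (!url.StartsWith(Scheme, StringComparison.OrdinalIgnoreCase)) return null;

            // No percent-decoding here: the caller may or may not have decoded the
            // URL already, so the payload is treated as literal text.
            string payload = url.Substring(Scheme.Length);
            return AllowedPayload.IsMatch(payload) ? payload : null;
        }

        static int Main(string[] args)
        {
            string payload = ValidateArgs(args);
            if (payload == null)
            {
                Console.Error.WriteLine("Rejected: unexpected command line.");
                return 1;
            }
            Console.WriteLine("Accepted payload: " + payload);
            return 0;
        }
    }
}
```

Rejecting any command line with more than one argument is what stops a URL containing extra quotes from supplying additional parameters to the handler.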
