ActiveX学习笔记二 ActiveX在IE中安全级别问题-实现IObjectSafety接口

于 2019-01-08 00:56:45 发布
阅读量260 收藏
点赞数

http://blog.csdn.net/freedomqx/article/details/4955512

 

使用MFC开发ActiveX控件,在IE中会提示安全问题,这个可以通过实现IObjectSafety接口来解决问题

1.首先要包含头文件#include <ObjSafe.h>

2.然后在你的ActiveX头文件中添加

DECLARE_INTERFACE_MAP()

BEGIN_INTERFACE_PART(ObjSafe, IObjectSafety)   


STDMETHOD_(HRESULT,   GetInterfaceSafetyOptions)   (     
/*   [in]   */   REFIID   riid,   
/*   [out]   */   DWORD   __RPC_FAR   *pdwSupportedOptions,   
/*   [out]   */   DWORD   __RPC_FAR   *pdwEnabledOptions   
);   

STDMETHOD_(HRESULT,   SetInterfaceSafetyOptions)   (     
/*   [in]   */   REFIID   riid,   
/*   [in]   */   DWORD   dwOptionSetMask,   
/*   [in]   */   DWORD   dwEnabledOptions   
);   

END_INTERFACE_PART(ObjSafe);

3.然后在ActiveX对应的cpp文件中添加,将其中MyActiveCtrl替换成自己的ActiveCtrl类

//接口映射
BEGIN_INTERFACE_MAP(MyActiveXCtrl,COleControl)   
 INTERFACE_PART(MyActiveXCtrl,IID_IObjectSafety,ObjSafe)   
END_INTERFACE_MAP()   

//   IObjectSafety   member   functions   
//   Delegate   AddRef,   Release,   QueryInterface   
ULONG FAR EXPORT MyActiveXCtrl::XObjSafe::AddRef()   
{   
 METHOD_PROLOGUE(MyActiveXCtrl,ObjSafe)   
 return pThis->ExternalAddRef();   
}   

ULONG FAR EXPORT MyActiveXCtrl::XObjSafe::Release()   
{   
 METHOD_PROLOGUE(MyActiveXCtrl,ObjSafe)   
 return pThis->ExternalRelease();   
}   

HRESULT FAR EXPORT MyActiveXCtrl::XObjSafe::QueryInterface(REFIID iid,void FAR* FAR* ppvObj)   
{   
 METHOD_PROLOGUE(MyActiveXCtrl,ObjSafe)   
 return (HRESULT)pThis->ExternalQueryInterface(&iid,ppvObj);   
}   

const DWORD dwSupportedBits = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;   
const DWORD dwNotSupportedBits=~dwSupportedBits;   

//   CStopLiteCtrl::XObjSafe::GetInterfaceSafetyOptions   
//   Allows   container   to   query   what   interfaces   are   safe   for   what.   We're   
//   optimizing   significantly   by   ignoring   which   interface   the   caller   is   
//   asking   for.   
HRESULT   STDMETHODCALLTYPE     
MyActiveXCtrl::XObjSafe::GetInterfaceSafetyOptions(     
 /*   [in]   */   REFIID   riid,   
 /*   [out]   */   DWORD   __RPC_FAR   *pdwSupportedOptions,   
 /*   [out]   */   DWORD   __RPC_FAR   *pdwEnabledOptions)   
{   
 METHOD_PROLOGUE(MyActiveXCtrl,ObjSafe)   
 HRESULT   retval   =   ResultFromScode(S_OK);   
 //   does   interface   exist?   
 IUnknown FAR* punkInterface;   
 retval = pThis->ExternalQueryInterface(&riid, (void **)&punkInterface);   
 if(retval!=E_NOINTERFACE) 
 { //   interface   exists   
  punkInterface->Release();   //   release   it--just   checking!   
 }   
 //   we   support   both   kinds   of   safety   and   have   always   both   set, regardless   of   interface   
 *pdwSupportedOptions=*pdwEnabledOptions=dwSupportedBits;   
 return retval;   //   E_NOINTERFACE   if   QI   failed   
}   

/////   
//   CStopLiteCtrl::XObjSafe::SetInterfaceSafetyOptions   
//   Since   we're   always   safe,   this   is   a   no-brainer--but   we   do   check   to   make   
//   sure   the   interface   requested   exists   and   that   the   options   we're   asked   to   
//   set   exist   and   are   set   on   (we   don't   support   unsafe   mode).   
HRESULT   STDMETHODCALLTYPE     
MyActiveXCtrl::XObjSafe::SetInterfaceSafetyOptions(     
 /*   [in]   */   REFIID   riid,   
 /*   [in]   */   DWORD   dwOptionSetMask,   
 /*   [in]   */   DWORD   dwEnabledOptions)   
{   
 METHOD_PROLOGUE(MyActiveXCtrl,   ObjSafe)   
 //   does   interface   exist?   
 IUnknown   FAR*   punkInterface;   
 pThis->ExternalQueryInterface(&riid,   (void   *   *)&punkInterface);   
 if(punkInterface)
 { //   interface   exists   
  punkInterface->Release();   //   release   it--just   checking!   
 }   
 else 
 {   //   interface   doesn't   exist   
  return ResultFromScode(E_NOINTERFACE);   
 }   

 //   can't   set   bits   we   don't   support   
 if(dwOptionSetMask   &   dwNotSupportedBits)  
 {     
  return ResultFromScode(E_FAIL);   
 }   

 //   can't   set   bits   we   do   support   to   zero   
 dwEnabledOptions&=dwSupportedBits;   
 //   (we   already   know   there   are   no   extra   bits   in   mask   )   
 if((dwOptionSetMask&dwEnabledOptions)!=dwOptionSetMask) 
 {   
  return ResultFromScode(E_FAIL);   
 }   
 //   don't   need   to   change   anything   since   we're   always   safe   
 return ResultFromScode(S_OK);   
}

编译成功后,浏览器默认安全级别也不会再报安全问题了

参考:http://topic.csdn.net/t/20020612/20/798933.html

weixin_34184158
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
如何 IObjectSafety 标记 ATL 控件安全初始化
04-30
需要用来获得所需的功能在步骤涉及到 IObjectSafetyImpl 用作您的控件派生的类之一,和重写 GetInterfaceSafetyOptions 和 SetInterfaceSafetyOptions。 这使您实现所需的功能在这种情况下意味着将标记为可安全编写脚本和初始化该控件。 若要将 IObjectSafetyImpl 需要将其添加到您的控件派生的类的列表。 是例如多边形教程您看到以下: class ATL_NO_VTABLE CPolyCtl : ... public IObjectSafetyImpl // ATL's version of // IObjectSafety { public: BEGIN_COM_MAP(CPolyCtl) ... COM_INTERFACE_ENTRY_IMPL(IObjectSafety) // Tie IObjectSafety // to this COM map END_COM_MAP() STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD *pdwSupportedOptions, DWORD *pdwEnabledOptions) { ATLTRACE(_T("CObjectSafetyImpl::GetInterfaceSafetyOptions\n")); if (!pdwSupportedOptions || !pdwEnabledOptions) return E_FAIL; LPUNKNOWN pUnk; if (_InternalQueryInterface (riid, (void**)&pUnk) == E_NOINTERFACE) { // Our object doesn't even support this interface. return E_NOINTERFACE; }else{ // Cleanup after ourselves. pUnk->Release(); pUnk = NULL; } if (riid == IID_IDispatch) { // IDispatch is an interface used for scripting. If your // control supports other IDispatch or Dual interfaces, you // may decide to add them here as well. Client wants to know // if object is safe for scripting. Only indicate safe for // scripting when the interface is safe. *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER; *pdwEnabledOptions = m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_CALLER; return S_OK; }else if ((riid == IID_IPersistStreamInit) || (riid == IID_IPersistStorage)) { // IID_IPersistStreamInit and IID_IPersistStorage are // interfaces used for Initialization. If your control // supports other Persistence interfaces, you may decide to // add them here as well. Client wants to know if object is // safe for initializing. Only indicate safe for initializing // when the interface is safe. *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA; *pdwEnabledOptions = m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_DATA; return S_OK; }else{ // We are saying that no other interfaces in this control are // safe for initializing or scripting. *pdwSupportedOptions = 0; *pdwEnabledOptions = 0; return E_FAIL; } } STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions) { ATLTRACE(_T("CObjectSafetyImpl::SetInterfaceSafetyOptions\n")); if (!dwOptionSetMask && !dwEnabledOptions) return E_FAIL; LPUNKNOWN pUnk; if (_InternalQueryInterface (riid, (void**)&pUnk) == E_NOINTERFACE) { // Our object doesn't even support this interface. return E_NOINTERFACE; }else{ // Cleanup after ourselves. pUnk->Release(); pUnk = NULL; } // Store our current safety level to return in // GetInterfaceSafetyOptions m_dwSafety |= dwEnabledOptions & dwOptionSetMask; if ((riid == IID_IDispatch) && (m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_CALLER)) { // Client wants us to disable any functionality that would // make the control unsafe for scripting. The same applies to // any other IDispatch or Dual interfaces your control may // support. Because our control is safe for scripting by // default we just return S_OK. return S_OK; }else if (((riid == IID_IPersistStreamInit) || (riid == IID_IPersistStorage)) && (m_dwSafety & INTERFACESAFE_FOR_UNTRUSTED_DATA)) { // Client wants us to make the control safe for initializing // from persistent data. For these interfaces, this control // is safe so we return S_OK. For Any interfaces that are not // safe, we would return E_FAIL. return S_OK; }else{ // This control doesn't allow Initialization or Scripting // from any other interfaces so return E_FAIL. return E_FAIL; } } ... } ATL 3.0 , IObjectSafetyImpl 的实现已更改,使您现在可以作为模板参数提供安全选项。 例如,上述类的声明将显示为 class ATL_NO_VTABLE CPolyCtl : ... public IObjectSafetyImpl { public: BEGIN_COM_MAP(CPolyCtl) ... ,您将不必重写两个方法。 有关其他信息,单击下面,文章编号,以查看 Microsoft 知识库相应: 192093 PRB: 编译器错误时移植到 ATL 3.0 IObjectSafetyImpl
ActiveX 控件安全性demo.zip
09-06
第一个涉及实现IObjectSafety接口的控件,对于想要改变其行为并在Internet浏览器的上下文运行时变得“安全”的控件非常有用。第个涉及修改控件的DllRegisterServer函数以在注册表标记控件“safe”。 本测试...
activex 添加 iobjectsafety
jilong17的专栏
03-09 893
activex 添加 iobjectsafety 1. 添加  #include "atlctl.h" 2. 在继承类添加public IObjectSafetyImplFOR_UNTRUSTED_ CALLER|INTERFACESAFE_FOR_UNTRUSTED_DATA>, 3.// 实现安全接口  COM_INTERFACE_ENTRY(IObjectS
ActiveX ocx控件有时在网页无法显示需要实现IObjectSafety接口
逍遥骏马
03-06 3304
ActiveX ocx控件有时在网页无法显示需要实现IObjectSafety接口 通过自己调试,可能导致的原因是:          如果没有实现IobjectSafety接口浏览器交互不安全导致的。                  打“开工程名Ctl.h”在最上面添加     #include          在类的DECLARE_DYNCR
关于IObjectSafetyActiveX组件的脚本安全
yangzibin的博客
11-17 224
都说ActiveX 危险,那么为什么XmlHttpRequest以及MediaPlayer都是用ActiveX的方式创建的,却没有问题?原来,这是因为这些ActiveX组件 都声明自己是脚本 安全 的,而IE的级安全设置上,是允许脚本安全的ActiveX创建,并且不予警告的。(文/optman ) IE怎么知道一个插件 是脚本安全的?它是通过以下两个办法。一是查询ActiveX组件...
Activex控件的IObjectSafety接口问题
weixin_34186931的博客
01-08 217
我的05年做流氓插件的时候,就注意到了这个问题,只要注册表加入 类似的就可以  HKEY_CLASSES_ROOT\Component    Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}    HKEY_CLASSES_ROOT\Component    Categories\{7DD95802-9882-11CF-9FA9-00AA006C...
C#用Activex实现Web客户端读取RFID功能的代码
09-05
最后,需要注意的是,由于ActiveX控件主要在Internet Explorer使用,且存在安全性问题,现代Web开发已经逐渐被更安全的解决方案(如WebAssembly、Web APIs)所取代。不过,在某些特定的遗留系统或者需要兼容旧版...
使用C#开发ActiveX控件
最新发布
06-06
3. 实现 IObjectSafety 接口,用于让 ActiveX 控件获得客户端的信任; 4. 实现控件类,包括控件的逻辑和界面设计。 四、使用 C# 开发 ActiveX 控件的示例 本文提供了一个使用 C# 开发 ActiveX 控件的示例,实现对...
在浏览器不弹出警告的ActiveX控件示例代码VC源代码
03-15
2. 在ActiveX控件的实现文件实现`IObjectSafety`接口的`GetInterfaceSafetyOptions`和`SetInterfaceSafetyOptions`方法。 3. 在`GetInterfaceSafetyOptions`方法,返回控件支持的安全选项,例如INTERFACESAFE_...
剖析ActiveX控件安全问题
blog之antyi
06-15 722
剖析ActiveX控件安全问题 上2006年11月11日 星期六 10:26 1、介绍         如果你曾经在网页或者ASP使用过com对象,你可能会发现,有时候会出现这样讨厌的对话框  
IExpress For WIN7
03-10
IExpress For WIN7
vc ocx 实现IObjectSafety接口
浪迹天涯的专栏
05-21 726
如果没有实现IobjectSafety接口浏览器会提示交互不安全等信息   打开 工程名Ctl.h 搜索 class C工程名Ctrl : public COleControl 在其上面添加 #include 搜索 DECLARE_DYNCREATE(C工程名Ctrl) 下面添加 DECLARE_INTERFACE_MAP()  BEGIN_INTERFACE
ActiveX控件(ATL篇)
Hanford的专栏
11-25 1214
目 录 第1章 VC++6.0创建    2 1.1 目标    2 1.2 创建项目    2 1.3 增加COM类    4 1.4 属性    7 1.5 事件    8 1.6 实现连接点    9 1.7 编码    11 1.7.1 增加成员变量    11 1.7.2 初始化成员变量    
C#编程:创建ActiveX控件与CAB打包教程
在C#创建ActiveX控件,可以使得这些控件在支持ActiveX技术的环境(如早期的Web页面或某些桌面应用)被调用和使用。" 在C#开发ActiveX控件,首先需要创建一个新的项目,选择"Visual C#" -> "Windows" -> ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值