构建一个安全的ActiveX控件

最新推荐文章于 2019-02-19 12:30:05 发布

火麒噬日

最新推荐文章于 2019-02-19 12:30:05 发布

阅读量958

点赞数

分类专栏： ActiveX 文章标签： null scripting initialization server class function

ActiveX 专栏收录该内容

0 篇文章 0 订阅

订阅专栏

如果希望再IE载入控件的时候不对控件不安全作出警告的信息的话，你必须保证执行代码使用安全的初始化和脚本的Active控件。相关的细节可以参照微软MSDN上的文章“Safe Initialization and Scripting for ActiveX Controls”。本文的后面会给出链接地址。不过我在这篇文章里面看到了大量的错误和冗长的文章。其实只需要在代码中加入DllRegisterServer和DllUnregisterServer这两个方法。下面我们就一步步指导你把ActiveX控件改成安全的：

编辑MyActiveX.cpp文件加入下面代码。在你的ActiveX控件中CLSID_SafeItem的值需要等于你在MyActiveXCtrl.cpp文件中的IMPLEMENT_OLECREATE_EX，同时，这个值也要和你在网页中的OBJECT ID标记CLSID值相同。

 #include "comcat.h"
 #include "strsafe.h"
 #include "objsafe.h"
  
 // CLSID_SafeItem - Necessary for safe ActiveX control
 // Id taken from IMPLEMENT_OLECREATE_EX function in xxxCtrl.cpp
  
 const CATID CLSID_SafeItem =
 { 0x36299202, 0x9ef, 0x4abf,{ 0xad, 0xb9, 0x47, 0xc5, 0x99, 0xdb, 0xe7, 0x78}};
 
 // HRESULT CreateComponentCategory - Used to register ActiveX control as safe 
  
 HRESULT CreateComponentCategory(CATID catid, WCHAR *catDescription)
 {
    ICatRegister *pcr = NULL ;
    HRESULT hr = S_OK ;
 
    hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, 
            NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void**)&pcr);
    if (FAILED(hr))
        return hr;
 
    // Make sure the HKCR/Component Categories/{..catid...}
    // key is registered.
    CATEGORYINFO catinfo;
    catinfo.catid = catid;
    catinfo.lcid = 0x0409 ; // english
    size_t len;
    // Make sure the provided description is not too long.
    // Only copy the first 127 characters if it is.
    // The second parameter of StringCchLength is the maximum
    // number of characters that may be read into catDescription.
    // There must be room for a NULL-terminator. The third parameter
    // contains the number of characters excluding the NULL-terminator.
    hr = StringCchLength(catDescription, STRSAFE_MAX_CCH, &len);
    if (SUCCEEDED(hr))
        {
        if (len>127)
          {
            len = 127;
          }
        }   
    else
        {
          // TODO: Write an error handler;
        }
    // The second parameter of StringCchCopy is 128 because you need 
    // room for a NULL-terminator.
    hr = StringCchCopy(catinfo.szDescription, len + 1, catDescription);
    // Make sure the description is null terminated.
    catinfo.szDescription[len + 1] = '/0';
 
    hr = pcr->RegisterCategories(1, &catinfo);
    pcr->Release();
 
    return hr;
}
 
// HRESULT RegisterCLSIDInCategory -
//      Register your component categories information
 
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
// Register your component categories information.
    ICatRegister *pcr = NULL ;
    HRESULT hr = S_OK ;
    hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, 
                NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void**)&pcr);
    if (SUCCEEDED(hr))
    {
       // Register this category as being "implemented" by the class.
       CATID rgcatid[1] ;
       rgcatid[0] = catid;
       hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
    }
 
    if (pcr != NULL)
        pcr->Release();
            
    return hr;
}
 
// HRESULT UnRegisterCLSIDInCategory - Remove entries from the registry
 
HRESULT UnRegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
    ICatRegister *pcr = NULL ;
    HRESULT hr = S_OK ;
 
    hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, 
            NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void**)&pcr);
    if (SUCCEEDED(hr))
    {
       // Unregister this category as being "implemented" by the class.
       CATID rgcatid[1] ;
       rgcatid[0] = catid;
       hr = pcr->UnRegisterClassImplCategories(clsid, 1, rgcatid);
    }
 
    if (pcr != NULL)
        pcr->Release();
 
    return hr;
}

改变DllRegisterServer方法:

STDAPI DllRegisterServer(void) {
    HRESULT hr;    // HResult used by Safety Functions
 
    AFX_MANAGE_STATE(_afxModuleAddrThis);
 
    if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid))
      return ResultFromScode(SELFREG_E_TYPELIB);
 
    if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE))
      return ResultFromScode(SELFREG_E_CLASS);
 
    // Mark the control as safe for initializing.
                                             
    hr = CreateComponentCategory(CATID_SafeForInitializing, 
         L"Controls safely initializable from persistent data!");
    if (FAILED(hr))
      return hr;
 
    hr = RegisterCLSIDInCategory(CLSID_SafeItem, 
         CATID_SafeForInitializing);
    if (FAILED(hr))
        return hr;
 
    // Mark the control as safe for scripting.
 
    hr = CreateComponentCategory(CATID_SafeForScripting, 
                                 L"Controls safely  scriptable!");
    if (FAILED(hr))
        return hr;
 
    hr = RegisterCLSIDInCategory(CLSID_SafeItem, 
                        CATID_SafeForScripting);
    if (FAILED(hr))
        return hr;
 
    return NOERROR;
}

修改DllUnregisterServer方法:

STDAPI DllUnregisterServer(void)
{
    HRESULT hr;    // HResult used by Safety Functions
 
    AFX_MANAGE_STATE(_afxModuleAddrThis);
 
    if (!AfxOleUnregisterTypeLib(_tlid, _wVerMajor, _wVerMinor))
      return ResultFromScode(SELFREG_E_TYPELIB);
 
    if (!COleObjectFactoryEx::UpdateRegistryAll(FALSE))
      return ResultFromScode(SELFREG_E_CLASS);
 
    // Remove entries from the registry.
 
    hr=UnRegisterCLSIDInCategory(CLSID_SafeItem, 
                     CATID_SafeForInitializing);
    if (FAILED(hr))
      return hr;
 
    hr=UnRegisterCLSIDInCategory(CLSID_SafeItem, 
                        CATID_SafeForScripting);
    if (FAILED(hr))
      return hr;
 
    return NOERROR;
}

火麒噬日

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
构建一个安全的ActiveX控件

如果希望再IE载入控件的时候不对控件不安全作出警告的信息的话，你必须保证执行代码使用安全的初始化和脚本的Active控件。相关的细节可以参照微软MSDN上的文章“Safe Initialization and Scripting for ActiveX Controls”。本文的后面会给出链接地址。不过我在这篇文章里面看到了大量的错误和冗长的文章。其实只需要在代码中加入DllRegisterSer
复制链接

扫一扫