linyf
asked on
A RAD Tool to Develop Web Applications Like VB or Delphi.
I am now building a RAD tool somewhat like VB and Delphi to develop web applications running under IE4.0 ,but I come into some questions,can you help me?
Here is a most headachy problem: I create a ActiveX Control using VC++ 6.0 for my RAD tool,but when I run it in IE4.0,it always pop up a secure warning dialog box.My question is how to let this dialog box not appearing?
A second question is whether or not Navigator support ActiveX Control?
I am waiting for you answer,and maybe I can offer you something about my RAD Tool which is named 'KCOM Space'.
Thank you!
Here is a most headachy problem: I create a ActiveX Control using VC++ 6.0 for my RAD tool,but when I run it in IE4.0,it always pop up a secure warning dialog box.My question is how to let this dialog box not appearing?
A second question is whether or not Navigator support ActiveX Control?
I am waiting for you answer,and maybe I can offer you something about my RAD Tool which is named 'KCOM Space'.
Thank you!
ASKER
Thank you, and here is a detail description about my question:
I create an ActiveX Control,and Embed it in HTML like this:
<object classid="clsid:FF930C3E-16 99-11D2-98 BE-BC50531 C9362" width="700" height="412">
<param name="_Version" value="1.0">
<param name="_StockProps" value="0">
<param name="KCOMPageURL" value="C:\hkbs\docs\tb.HKB ">
</object>
The Control run in Client site,
and every time I browse it in IE4.0 ,IE first pop up a Secure Warning DialogBox,and say that the control maybe unsecure,and ask whether or not permit initialization and script access.
Having this Messaging box, my ActiveX Control seems unsecure to my user,so I am amxious to know what is wrong with it?
My Control is written using VC++ 6.0 .
By the way, when I use my Control without params like this:
<object classid="clsid:FF930C3E-16 99-11D2-98 BE-BC50531 C9362" width="700" height="412">
</object>
there is no Secure Warning Messaging Box.But because I have to
pass some parameters,so using the control like this is unacceptable.
Can you help me?
I create an ActiveX Control,and Embed it in HTML like this:
<object classid="clsid:FF930C3E-16
<param name="_Version" value="1.0">
<param name="_StockProps" value="0">
<param name="KCOMPageURL" value="C:\hkbs\docs\tb.HKB
</object>
The Control run in Client site,
and every time I browse it in IE4.0 ,IE first pop up a Secure Warning DialogBox,and say that the control maybe unsecure,and ask whether or not permit initialization and script access.
Having this Messaging box, my ActiveX Control seems unsecure to my user,so I am amxious to know what is wrong with it?
My Control is written using VC++ 6.0 .
By the way, when I use my Control without params like this:
<object classid="clsid:FF930C3E-16
</object>
there is no Secure Warning Messaging Box.But because I have to
pass some parameters,so using the control like this is unacceptable.
Can you help me?
Just to answer a quesiton of my own, what happens if you dont use your "KCOMPageURL" parameter? I have a feeling that the reference to the local HD is what is causing the problem.
ASKER
Thank you ,But when I use the Control without KCOMPageURL parameter,the problem still exist,only when use it without any parameter,can it run properly,why?
Can you mail me ? My email address is linyf@bhm.com.cn .
Can you mail me ? My email address is linyf@bhm.com.cn .
From Microsoft:
HOWTO: Mark MFC Controls Safe for Scripting/Initialization
Last reviewed: October 8, 1998
Article ID: Q161873
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
The information in this article applies to:
Microsoft Visual C++, 32-bit Edition, version 4.2, 5.0, 6.0
Microsoft Internet Client Software Development Kit (SDK) version 4.0, 4.01
Microsoft Internet Explorer (Programming) version 4.0, 4.01
SUMMARY
By default, MFC ActiveX controls are not marked as Safe for Scripting and/or Safe for Initialization. This becomes apparent when the control is run in the Internet Explorer with the security level set to medium or high. In either of these modes, warnings may be displayed that the control's data is not safe or that the control may not be safe for scripts to use.
There are two methods that a control can use to eliminate these errors. The first involves the control implementing the IObjectSafety interface and is useful for controls that would like to change their behavior and become "safe" if run in the context of an Internet Browser. The second involves modifying the control's DllRegisterServer function to mark the control "safe" in the registry. This article covers the second of these methods. The first method, implementing the IObjectSafety interface, is covered in the Internet Client SDK.
Please keep in mind that a control should only be marked as safe if it is, in fact, safe. Please refer to the Internet Client SDK documentation for a description of this. See "Safe Initialization and Scripting for ActiveX Controls" under the Component Development Section.
NOTE: This article does not cover how to mark a control safe for downloading. For more information on code download and code signing, please refer to the Internet Client SDK.
MORE INFORMATION
Follow these steps to mark your MFC ActiveX Control as Safe for Scripting and Safe for Initializing:
Implement the CreateComponentCategory and RegisterCLSIDInCategory helper functions by adding the following cathelp.h and cathelp.cpp files to your project.
CATHELP.H
=========
#include "comcat.h"
// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CA TID catid, WCHAR* catDescription);
// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(RE FCLSID clsid, CATID catid);
CATHELP.CPP
===========
#include "comcat.h"
// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CA TID catid, WCHAR* catDescription)
{
ICatRegister* pcr = NULL ;
HRESULT hr = S_OK ;
hr = CoCreateInstance(CLSID_Std ComponentC ategoriesM gr,
NULL,
CLSCTX_INPROC_SERVER,
IID_ICatRegister,
(void**)&pcr);
if (FAILED(hr))
return hr;
// Make sure the HKCR\Component Categories\{..catid...}
// key is registered
CATEGORYINFO catinfo;
catinfo.catid = catid;
catinfo.lcid = 0x0409 ; // english
// Make sure the provided description is not too long.
// Only copy the first 127 characters if it is
int len = wcslen(catDescription);
if (len>127)
len = 127;
wcsncpy(catinfo.szDescript ion, catDescription, len);
// Make sure the description is null terminated
catinfo.szDescription[len] = '\0';
hr = pcr->RegisterCategories(1, &catinfo);
pcr->Release();
return hr;
}
// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(RE FCLSID clsid, CATID catid)
{
// Register your component categories information.
ICatRegister* pcr = NULL ;
HRESULT hr = S_OK ;
hr = CoCreateInstance(CLSID_Std ComponentC ategoriesM gr,
NULL,
CLSCTX_INPROC_SERVER,
IID_ICatRegister,
(void**)&pcr);
if (SUCCEEDED(hr))
{
// Register this category as being "implemented" by
// the class.
CATID rgcatid[1] ;
rgcatid[0] = catid;
hr = pcr->RegisterClassImplCate gories(cls id, 1, rgcatid);
}
if (pcr != NULL)
pcr->Release();
return hr;
}
Modify the DllRegisterServer to mark the control as safe.Locate the implementation of DllRegisterServer in a .cpp file in yourproject. You will need to add several things to this .cpp file. Includethe file that implements CreateComponentCategory and RegisterCLSIDInCategory:
#include "CatHelp.h"
Define the GUID associated with the safety component categories:
const CATID CATID_SafeForScripting =
{0x7dd95801,0x9882,0x11cf, {0x9f,0xa9 ,0x00,0xaa ,0x00,0x6c ,0x42,0xc4 }};
const CATID CATID_SafeForInitializing =
{0x7dd95802,0x9882,0x11cf, {0x9f,0xa9 ,0x00,0xaa ,0x00,0x6c ,0x42,0xc4 }};
Define the GUID associated with your control. For simplicity, you can
borrow the GUID from the IMPLEMENT_OLECREATE_EX macro in the main .cpp
file for the control. Adjust the format slightly so that it looks like
the following:
const GUID CDECL BASED_CODE _ctlid =
{ 0x43bd9e45, 0x328f, 0x11d0,
{ 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };
To mark your control as both Safe for Scripting and Initialization,
modify the DllRegisterServer function as follows:
STDAPI DllRegisterServer(void)
{
AFX_MANAGE_STATE(_afxModul eAddrThis) ;
if (!AfxOleRegisterTypeLib(Af xGetInstan ceHandle() , _tlid))
return ResultFromScode(SELFREG_E_ TYPELIB);
if (!COleObjectFactoryEx::Upd ateRegistr yAll(TRUE) )
return ResultFromScode(SELFREG_E_ CLASS);
if (FAILED( CreateComponentCategory(
CATID_SafeForScripting,
L"Controls that are safely scriptable") ))
return ResultFromScode(SELFREG_E_ CLASS);
if (FAILED( CreateComponentCategory(
CATID_SafeForInitializing,
L"Controls safely initializable from persistent data") ))
return ResultFromScode(SELFREG_E_ CLASS);
if (FAILED( RegisterCLSIDInCategory(
_ctlid, CATID_SafeForScripting) ))
return ResultFromScode(SELFREG_E_ CLASS);
if (FAILED( RegisterCLSIDInCategory(
_ctlid, CATID_SafeForInitializing) ))
return ResultFromScode(SELFREG_E_ CLASS);
return NOERROR;
}
You would not normally modify the DllUnregisterServer function for these two reasons:
You would not want to remove a component category because other controls may be using it.
Although there is an UnRegisterCLSIDInCategory function defined, by default DllUnregisterServer removes the control's entry from the registry entirely. Therefore, removing the category from the control's registration is of little use.
After compiling and registering your control, you should find the following entries in the registry:
HKEY_CLASSES_ROOT\Componen t
Categories\{7DD95801-9882- 11CF-9FA9- 00AA006C42 C4}
HKEY_CLASSES_ROOT\Componen t
Categories\{7DD95802-9882- 11CF-9FA9- 00AA006C42 C4}
HKEY_CLASSES_ROOT\CLSID\{" your controls GUID"}\Implemented
Categories\{7DD95801-9882- 11CF-9FA9- 00AA006C42 C4}
HKEY_CLASSES_ROOT\CLSID\{" your controls GUID"}\Implemented
Categories\{7DD95802-9882- 11CF-9FA9- 00AA006C42 C4}
REFERENCES
Internet Client SDK - Component Development - Safe Initialization and Scripting for ActiveX Controls
Did this information help answer your question?
Yes No Didn't apply
Please comment.
Comment can be up to 255 characters.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Additional query words: safety scripting persistence initialization
Keywords : AXSDKControls MfcOLE InetSDKSafeControl kbvc600 kbvc500 kbvc420 kbMFC kbole kbfasttip
Technology : kbole kbmfc
Version : Winnt:4.2,5.0,6.0
Platform : winnt
Issue type : kbhowto
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Last reviewed: October 8, 1998
) 1998 Microsoft Corporation. All rights reserved. Terms of Use.
HOWTO: Mark MFC Controls Safe for Scripting/Initialization
Last reviewed: October 8, 1998
Article ID: Q161873
--------------------------
The information in this article applies to:
Microsoft Visual C++, 32-bit Edition, version 4.2, 5.0, 6.0
Microsoft Internet Client Software Development Kit (SDK) version 4.0, 4.01
Microsoft Internet Explorer (Programming) version 4.0, 4.01
SUMMARY
By default, MFC ActiveX controls are not marked as Safe for Scripting and/or Safe for Initialization. This becomes apparent when the control is run in the Internet Explorer with the security level set to medium or high. In either of these modes, warnings may be displayed that the control's data is not safe or that the control may not be safe for scripts to use.
There are two methods that a control can use to eliminate these errors. The first involves the control implementing the IObjectSafety interface and is useful for controls that would like to change their behavior and become "safe" if run in the context of an Internet Browser. The second involves modifying the control's DllRegisterServer function to mark the control "safe" in the registry. This article covers the second of these methods. The first method, implementing the IObjectSafety interface, is covered in the Internet Client SDK.
Please keep in mind that a control should only be marked as safe if it is, in fact, safe. Please refer to the Internet Client SDK documentation for a description of this. See "Safe Initialization and Scripting for ActiveX Controls" under the Component Development Section.
NOTE: This article does not cover how to mark a control safe for downloading. For more information on code download and code signing, please refer to the Internet Client SDK.
MORE INFORMATION
Follow these steps to mark your MFC ActiveX Control as Safe for Scripting and Safe for Initializing:
Implement the CreateComponentCategory and RegisterCLSIDInCategory helper functions by adding the following cathelp.h and cathelp.cpp files to your project.
CATHELP.H
=========
#include "comcat.h"
// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CA
// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(RE
CATHELP.CPP
===========
#include "comcat.h"
// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CA
{
ICatRegister* pcr = NULL ;
HRESULT hr = S_OK ;
hr = CoCreateInstance(CLSID_Std
NULL,
CLSCTX_INPROC_SERVER,
IID_ICatRegister,
(void**)&pcr);
if (FAILED(hr))
return hr;
// Make sure the HKCR\Component Categories\{..catid...}
// key is registered
CATEGORYINFO catinfo;
catinfo.catid = catid;
catinfo.lcid = 0x0409 ; // english
// Make sure the provided description is not too long.
// Only copy the first 127 characters if it is
int len = wcslen(catDescription);
if (len>127)
len = 127;
wcsncpy(catinfo.szDescript
// Make sure the description is null terminated
catinfo.szDescription[len]
hr = pcr->RegisterCategories(1,
pcr->Release();
return hr;
}
// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(RE
{
// Register your component categories information.
ICatRegister* pcr = NULL ;
HRESULT hr = S_OK ;
hr = CoCreateInstance(CLSID_Std
NULL,
CLSCTX_INPROC_SERVER,
IID_ICatRegister,
(void**)&pcr);
if (SUCCEEDED(hr))
{
// Register this category as being "implemented" by
// the class.
CATID rgcatid[1] ;
rgcatid[0] = catid;
hr = pcr->RegisterClassImplCate
}
if (pcr != NULL)
pcr->Release();
return hr;
}
Modify the DllRegisterServer to mark the control as safe.Locate the implementation of DllRegisterServer in a .cpp file in yourproject. You will need to add several things to this .cpp file. Includethe file that implements CreateComponentCategory and RegisterCLSIDInCategory:
#include "CatHelp.h"
Define the GUID associated with the safety component categories:
const CATID CATID_SafeForScripting =
{0x7dd95801,0x9882,0x11cf,
const CATID CATID_SafeForInitializing =
{0x7dd95802,0x9882,0x11cf,
Define the GUID associated with your control. For simplicity, you can
borrow the GUID from the IMPLEMENT_OLECREATE_EX macro in the main .cpp
file for the control. Adjust the format slightly so that it looks like
the following:
const GUID CDECL BASED_CODE _ctlid =
{ 0x43bd9e45, 0x328f, 0x11d0,
{ 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };
To mark your control as both Safe for Scripting and Initialization,
modify the DllRegisterServer function as follows:
STDAPI DllRegisterServer(void)
{
AFX_MANAGE_STATE(_afxModul
if (!AfxOleRegisterTypeLib(Af
return ResultFromScode(SELFREG_E_
if (!COleObjectFactoryEx::Upd
return ResultFromScode(SELFREG_E_
if (FAILED( CreateComponentCategory(
CATID_SafeForScripting,
L"Controls that are safely scriptable") ))
return ResultFromScode(SELFREG_E_
if (FAILED( CreateComponentCategory(
CATID_SafeForInitializing,
L"Controls safely initializable from persistent data") ))
return ResultFromScode(SELFREG_E_
if (FAILED( RegisterCLSIDInCategory(
_ctlid, CATID_SafeForScripting) ))
return ResultFromScode(SELFREG_E_
if (FAILED( RegisterCLSIDInCategory(
_ctlid, CATID_SafeForInitializing)
return ResultFromScode(SELFREG_E_
return NOERROR;
}
You would not normally modify the DllUnregisterServer function for these two reasons:
You would not want to remove a component category because other controls may be using it.
Although there is an UnRegisterCLSIDInCategory function defined, by default DllUnregisterServer removes the control's entry from the registry entirely. Therefore, removing the category from the control's registration is of little use.
After compiling and registering your control, you should find the following entries in the registry:
HKEY_CLASSES_ROOT\Componen
Categories\{7DD95801-9882-
HKEY_CLASSES_ROOT\Componen
Categories\{7DD95802-9882-
HKEY_CLASSES_ROOT\CLSID\{"
Categories\{7DD95801-9882-
HKEY_CLASSES_ROOT\CLSID\{"
Categories\{7DD95802-9882-
REFERENCES
Internet Client SDK - Component Development - Safe Initialization and Scripting for ActiveX Controls
Did this information help answer your question?
Yes No Didn't apply
Please comment.
Comment can be up to 255 characters.
--------------------------
Additional query words: safety scripting persistence initialization
Keywords : AXSDKControls MfcOLE InetSDKSafeControl kbvc600 kbvc500 kbvc420 kbMFC kbole kbfasttip
Technology : kbole kbmfc
Version : Winnt:4.2,5.0,6.0
Platform : winnt
Issue type : kbhowto
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Last reviewed: October 8, 1998
) 1998 Microsoft Corporation. All rights reserved. Terms of Use.
ASKER
Thank you very much!
That answer is just what I want. Thank you again!
That answer is just what I want. Thank you again!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
2) Netscape will not support ActiveX unlesss it has a plugin from NCompass installed... You can go to Netscape and search for the plugin...