Solved

A RAD Tool to Develop Web Applications Like VB or Delphi.

Posted on 1998-10-18
7
500 Views
Last Modified: 2008-03-06
 I am now building a RAD tool somewhat like VB and Delphi to develop web applications running under IE4.0 ,but I come into some questions,can you help me?
  Here is a most headachy problem: I create a ActiveX Control using VC++ 6.0 for my RAD tool,but when I run it in IE4.0,it always pop up a secure warning dialog box.My question is how to let this dialog box not appearing?
  A second question is whether or not Navigator support ActiveX Control?
  I am waiting for you answer,and maybe I can offer you something about my RAD Tool which is named 'KCOM Space'.
  Thank you!
0
Comment
Question by:linyf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:MasseyM
ID: 1817582
1) Are you running the ActiveX through a server or is it coming right off the HD?  Please expound a little more on this component of the question..

2) Netscape will not support ActiveX unlesss it has a plugin from NCompass installed... You can go to Netscape and search for the plugin...
0
 

Author Comment

by:linyf
ID: 1817583
Thank you, and here is a detail description about my question:

I create an ActiveX Control,and Embed it in HTML like this:

<object classid="clsid:FF930C3E-1699-11D2-98BE-BC50531C9362" width="700" height="412">
 <param name="_Version" value="1.0">
 <param name="_StockProps" value="0">
 <param name="KCOMPageURL" value="C:\hkbs\docs\tb.HKB">
</object>
The Control run in Client site,
and every time I browse it in IE4.0 ,IE first pop up a Secure Warning DialogBox,and say that the control maybe unsecure,and ask whether or not permit initialization and script access.
Having this Messaging box, my ActiveX Control seems unsecure to my user,so I am amxious to know what is wrong with it?
My Control is written using VC++ 6.0 .
By the way, when I use my Control without params like this:
<object classid="clsid:FF930C3E-1699-11D2-98BE-BC50531C9362" width="700" height="412">
</object>
there is no Secure Warning Messaging Box.But because I have to
pass some parameters,so using the control like this is unacceptable.
Can you help me?
0
 
LVL 10

Expert Comment

by:MasseyM
ID: 1817584
Just to answer a quesiton of my own, what happens if you dont use your "KCOMPageURL" parameter?  I have a feeling that the reference to the local HD is what is causing the problem.
0
Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

 

Author Comment

by:linyf
ID: 1817585
Thank you ,But when I use the Control without KCOMPageURL parameter,the problem still exist,only when use it without any parameter,can it run properly,why?
Can you mail me ? My email address is linyf@bhm.com.cn .
0
 
LVL 10

Expert Comment

by:MasseyM
ID: 1817586
From Microsoft:  

HOWTO: Mark MFC Controls Safe for Scripting/Initialization
Last reviewed: October 8, 1998
Article ID: Q161873
 
--------------------------------------------------------------------------------

The information in this article applies to:
Microsoft Visual C++, 32-bit Edition, version 4.2, 5.0, 6.0
Microsoft Internet Client Software Development Kit (SDK) version 4.0, 4.01
Microsoft Internet Explorer (Programming) version 4.0, 4.01


SUMMARY
By default, MFC ActiveX controls are not marked as Safe for Scripting and/or Safe for Initialization. This becomes apparent when the control is run in the Internet Explorer with the security level set to medium or high. In either of these modes, warnings may be displayed that the control's data is not safe or that the control may not be safe for scripts to use.

There are two methods that a control can use to eliminate these errors. The first involves the control implementing the IObjectSafety interface and is useful for controls that would like to change their behavior and become "safe" if run in the context of an Internet Browser. The second involves modifying the control's DllRegisterServer function to mark the control "safe" in the registry. This article covers the second of these methods. The first method, implementing the IObjectSafety interface, is covered in the Internet Client SDK.

Please keep in mind that a control should only be marked as safe if it is, in fact, safe. Please refer to the Internet Client SDK documentation for a description of this. See "Safe Initialization and Scripting for ActiveX Controls" under the Component Development Section.

NOTE: This article does not cover how to mark a control safe for downloading. For more information on code download and code signing, please refer to the Internet Client SDK.



MORE INFORMATION
Follow these steps to mark your MFC ActiveX Control as Safe for Scripting and Safe for Initializing:


Implement the CreateComponentCategory and RegisterCLSIDInCategory helper functions by adding the following cathelp.h and cathelp.cpp files to your project.


      CATHELP.H
      =========
      #include "comcat.h"


      // Helper function to create a component category and associated
      // description
      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription);


      // Helper function to register a CLSID as belonging to a component
      // category
      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid);


      CATHELP.CPP
      ===========
      #include "comcat.h"


      // Helper function to create a component category and associated
      // description
      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription)
      {
         ICatRegister* pcr = NULL ;
         HRESULT hr = S_OK ;

         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               IID_ICatRegister,
                               (void**)&pcr);
         if (FAILED(hr))
            return hr;

         // Make sure the HKCR\Component Categories\{..catid...}
         // key is registered
         CATEGORYINFO catinfo;
         catinfo.catid = catid;
         catinfo.lcid = 0x0409 ; // english

         // Make sure the provided description is not too long.
         // Only copy the first 127 characters if it is
         int len = wcslen(catDescription);
         if (len>127)
            len = 127;
         wcsncpy(catinfo.szDescription, catDescription, len);
         // Make sure the description is null terminated
         catinfo.szDescription[len] = '\0';

         hr = pcr->RegisterCategories(1, &catinfo);
         pcr->Release();

         return hr;
      }

      // Helper function to register a CLSID as belonging to a component
      // category
      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
      {
         // Register your component categories information.
         ICatRegister* pcr = NULL ;
         HRESULT hr = S_OK ;
         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               IID_ICatRegister,
                               (void**)&pcr);
         if (SUCCEEDED(hr))
         {
            // Register this category as being "implemented" by
            // the class.
            CATID rgcatid[1] ;
            rgcatid[0] = catid;
            hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
         }

         if (pcr != NULL)
            pcr->Release();

         return hr;
      }


Modify the DllRegisterServer to mark the control as safe.Locate the implementation of DllRegisterServer in a .cpp file in yourproject. You will need to add several things to this .cpp file. Includethe file that implements CreateComponentCategory and RegisterCLSIDInCategory:


      #include "CatHelp.h"
Define the GUID associated with the safety component categories:


      const CATID CATID_SafeForScripting     =
      {0x7dd95801,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};
      const CATID CATID_SafeForInitializing  =
      {0x7dd95802,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};

   Define the GUID associated with your control. For simplicity, you can
   borrow the GUID from the IMPLEMENT_OLECREATE_EX macro in the main .cpp
   file for the control. Adjust the format slightly so that it looks like
   the following:

      const GUID CDECL BASED_CODE _ctlid =
      { 0x43bd9e45, 0x328f, 0x11d0,
              { 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };

   To mark your control as both Safe for Scripting and Initialization,
   modify the DllRegisterServer function as follows:

      STDAPI DllRegisterServer(void)
      {
          AFX_MANAGE_STATE(_afxModuleAddrThis);

          if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid))
              return ResultFromScode(SELFREG_E_TYPELIB);

          if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE))
              return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( CreateComponentCategory(
                  CATID_SafeForScripting,
                  L"Controls that are safely scriptable") ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( CreateComponentCategory(
                  CATID_SafeForInitializing,
                  L"Controls safely initializable from persistent data") ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( RegisterCLSIDInCategory(
                  _ctlid, CATID_SafeForScripting) ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( RegisterCLSIDInCategory(
                  _ctlid, CATID_SafeForInitializing) ))
                return ResultFromScode(SELFREG_E_CLASS);

          return NOERROR;
      }

You would not normally modify the DllUnregisterServer function for these two reasons:
You would not want to remove a component category because other controls may be using it.
Although there is an UnRegisterCLSIDInCategory function defined, by default DllUnregisterServer removes the control's entry from the registry entirely. Therefore, removing the category from the control's registration is of little use.

After compiling and registering your control, you should find the following entries in the registry:

   HKEY_CLASSES_ROOT\Component
   Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\Component
   Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\CLSID\{"your controls GUID"}\Implemented
   Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\CLSID\{"your controls GUID"}\Implemented
   Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

REFERENCES
Internet Client SDK - Component Development - Safe Initialization and Scripting for ActiveX Controls

 


         
Did this information help answer your question?
 
    Yes     No     Didn't apply
   
Please comment.
Comment can be up to 255 characters.
 
 
 



--------------------------------------------------------------------------------
Additional query words: safety scripting persistence initialization
Keywords : AXSDKControls MfcOLE InetSDKSafeControl kbvc600 kbvc500 kbvc420 kbMFC kbole kbfasttip
Technology : kbole kbmfc
Version : Winnt:4.2,5.0,6.0
Platform : winnt
Issue type : kbhowto


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.  

Last reviewed: October 8, 1998
) 1998 Microsoft Corporation. All rights reserved. Terms of Use.


0
 

Author Comment

by:linyf
ID: 1817587
Thank you very much!
That answer is just what I want. Thank you again!
0
 
LVL 10

Accepted Solution

by:
MasseyM earned 50 total points
ID: 1817588
Here is the post of the answer.  P.S. Can I preview your program?  email me at masseym@hotmail.com
Thanks.
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Chrome SSRS print Functionality 1 85
What is the best password manager? 12 189
How to remove http://search.searchbuscar.com from FireFox 19 125
Chrome won't open  - win 10 6 69
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Several part series to implement Internet Explorer 11 Enterprise Mode
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question