• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2065
  • Last Modified:

Disable security warnings in an ActiveX WebBrowser control

I'm using a WebBrowser ActiveX control with C++ (and MFC). I'm calling the control's methods through an IWebBrowser2 COM interface.
The point is: I want to be able to have links in the contained HTML code that launch applications. To achieve this, I have the following HTML + VBScript code, which works fine:

<html>
<head>
<script language=VBScript>

sub execute(what)
set objShell=CreateObject("Wscript.Shell")
objShell.Run(what)
end sub

</script>
</head>
<body>
<input type="button" value="notepad" onclick=execute("notepad")>
</body>
</html>

But I get a warning dialog bos telling me that executing that code could not be secure, and asking if I want to continue. I want to configure the WebBrowser control in a way that the warning is not showed.
0
pulupul
Asked:
pulupul
  • 6
  • 3
2 Solutions
 
nonubikCommented:
For this you can just set some registry keys values for IE
They are to be found in
     HKCU\software\microsoft\windows\currentversion\internet settings\zones\
There you have like 5 zones, from minmum level to maximum. They are the settings from IE->Tools->Internet options -> Security tab -> Custom level
You'll just need to find out which one of them (as they are numbers like '1001') need to be reset.

In your case I suspect it's an option that has the radio button set to 'prompt'
0
 
nonubikCommented:
Is 'Run ActiveX controls and plugins' set to 'prompt' ? Or is something about scripting?
0
 
nonubikCommented:
If you cnat tell exactly what option has to be changed, maybe I can help more.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
pulupulAuthor Commented:
But that would change that setting for the whole system, which is a considerable security risk. I need to disable the warning dialog only in my instance of the WebBrowser control.
0
 
nonubikCommented:
Of course. You'll just write a function inside your app that does the following:

retain the old value of that regkey
set it (yep, for the whole system) for your control
put the old value back after finishing.
0
 
pulupulAuthor Commented:
I can't do that, because I have no code that handles the event, everything happens "inside" the WebBrowser control. The other option would be to change the registry key in WebControl creation, and restore it in destruction, but this is not feasible since the control exists during long time periods, and the system would be exposed to attacks in that time.
0
 
meskiCommented:
Are you implementing IObjectSafety inside your ActiveX object?  There's some info on it here.
http://msdn.microsoft.com/workshop/components/activex/safety.asp
0
 
pulupulAuthor Commented:
What is IObjectSafety and what is it for?, I have read the URL but I can't get to understand what is it about. I don't know much about ActiveX.
0
 
nonubikCommented:
If Internet Explorer determines that your control supports IObjectSafety, it calls the IObjectSafety::SetInterfaceSafetyOptions method prior to loading your control in order to determine whether your control is safe for initialization.
0
 
nonubikCommented:
A second way to mark your ActiveX as safe is using the Component Categories Manager, registering some keys. There's a whole example on that link.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now