Link to home
Start Free TrialLog in
Avatar of sahnias

asked on

how to trust javascript?

nope this is not a relationship question.. :)

I hv a simple html page with a text box. To check spelling of the text written within the text box I am accessing WinWord.exe spell checker. So I create an instance of WinWord. This does work fine, except for giving me the error sayign that this control is not Trusted.

How can I make this trusted by IE, is there a way I can sign this so that IE thinks that this control is trusted and runs automatically without user intervention?

any ideas or help would be much appreciated

changing the IE internet security settings to run all activeX controls trusted or not is not an option.

Avatar of alkisg
Flag of Greece image

I'm not 100% sure about this, but I think that

* one can issue a certificate that's valid for his *computer* with an office utility called
C:\Program Files\Microsoft Office\OFFICE11\SELFCERT.EXE,
* another utility exists for *domain*-wide certificates,
* and to create a *world*-wide trusted certificate you'll have to buy it from VeriSign etc.

The certificate is then put inside the ActiveX code, not the javascript code.

Are you the author of the ActiveX control, or you're just using it?
Avatar of sahnias


I am the author of the control, if u can call it a control

i just basically create an ActiveXObject(Word.Application)

I checked and for some reason I do not see the SelfCert.exe in my Office installation

Could you provide me with more information on that and on what utility to use for "domain" wide certificates.

the scope of this control is only domain wide at max no need for a "world" certificate

thanks for your help
No, you cannot sign the activexobject, because Word.Application is already signed from microsoft as "not safe for scripting".

So you either need to put your server to the "Trusted sites" on every client, or you may save your html page with an .hta extension, and navigate to it not with Internet Explorer, but with mshta.exe.

Try the following demo:

Select something and then press "Spell"
Avatar of sahnias


for some odd reason..when i click on "spell" nothing happens..

but despite that i can not have it like that..this control has to be within a html page..

isn't there a way to make Word.Application a safe object?
I don't think so... But it is possible to write another activex control that encaptulates Word.Application, and sign it to be trusted by the domain computers... I don't know if anyone has done such a control, try to google it.

> this control has to be within a html page..

Try mshta
Mshta just overrides security settings. You don't have to change anything in your html pages...
Avatar of sahnias


while searching for a solution I found this

so would implementing IObjectSafety work? if so do you know how i can do this in my html page ?
Avatar of alkisg
Flag of Greece image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
> so would implementing IObjectSafety work? if so do you know how i can do this in my html page ?

Just to make this perfectly clear: IObjectSafe can be implement in C++, Delphi etc, but NOT Javascript. Making activeX controls is windows programming, not web-page programming...
Avatar of sahnias


thanks for your help

while i'm trying to search for a wrapper..

going back to your initial idea of using a hta app instead of html , could you give me a simple example of how can I incorporate this spell checking hta into a html page ?

You've already done that, haven't you? You just need to open your existing .htm with mshta, no modifications needed.

If your .htm is not working properly, you may look at this sample code:
Avatar of sahnias


i tried doing this

<IFRAME SRC="F:\spell2.hta" APPLICATION="yes">

but the user now has to allow to download the application and then allow to run it. Now its a two step process.

PS: still hvn't found a wrapper
You can't put .hta files inside a web page.

HTML applications can only be opened with mshta.exe.

==>So the users WON'T be using their browser to see your web page, you'll have to instruct them to use
mshta http://mylocalserver/mypage.htm

Avatar of sahnias


no we can't have that

can't find a wrapper either yet

I'll try to propose perhaps..having the website as a Trusted site, with ActiveX enabled.

...meanwhile i'll still try to find a wrapper

thx for all ur help so far
I think now you're on the right directions... Cheers.