Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How can I make activeXObject safe for scripting in VBA?

Posted on 2014-02-02
10
Medium Priority
?
831 Views
Last Modified: 2014-02-07
I have a PowerPoint macro with a webBrowser control that contains a JavaScript function which has the line: "var APP = new activeXObject('PowerPoint.Application'); in it.  If IE has its security settings for "Initialize and script ActiveXcontrols not marked as safe for scripting" as disabled, you will get the "Automation Server can't create object" error.

I need to create the PowerPoint object so I can send information from the webBrowser control to the VBA program.  It calls a function in a module with: App.run('PPTupload!JavascriptConnector') where the JavascriptConnector is the name of the function.

Many of the people who would use this macro have their browsers locked down so they wouldn't be able to change the ActiveX control security setting.  So, I would like to know if there is a way to make the JavaScript code in the webBrowser control safe for scripting?
0
Comment
Question by:StarDusterII
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 27

Expert Comment

by:MacroShadow
ID: 39828841
0
 
LVL 27

Expert Comment

by:MacroShadow
ID: 39828844
I found omissions and mistakes in this article that I have corrected for presentation in this article. Basically, all that needs to be done is to add code to the DllRegisterServer and DllUnregisterServer methods. The following is a step-by-step guide for making your ActiveX control safe:
http://www.codeproject.com/Articles/14533/A-Complete-ActiveX-Web-Control-Tutorial
0
 

Author Comment

by:StarDusterII
ID: 39835509
Problem is... it's not an activeX control.   It's Javascript embedded in a webBrowser control in a PowerPoint VBA.  As I said in the original post, when the line " "var APP = new activeXObject('PowerPoint.Application'); " is reached in Javascript, I get the error.  The sequence is:

- In PowerPoint vba, put an html page in webBrowser control
- html page contains javascript with the call activeXObject to create a PPT object
- javascript function with that call to activeXobject is called by event in webBrowser
- error happens then

I'm bascially callling a function in my PowerPoint vba from the javascript function in the webBrowser control.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 27

Expert Comment

by:MacroShadow
ID: 39835578
var APP = new activeXObject('PowerPoint.Application');

Open in new window

should read
var APP = new activeXObject("PowerPoint.Application");

Open in new window


and
App.run('PPTupload!JavascriptConnector')

Open in new window

should read
App.run("JavascriptConnector")

Open in new window

0
 
LVL 13

Accepted Solution

by:
John Mc Hale earned 2000 total points
ID: 39837153
Hi StarDusterII,

The CLSID for PowerPoint.Application is {91493441-5A91-11CF-8700-00AA0060263B}
If you search the Winows Registry Hive Subkey HKEY_CLASSES_ROOT\CLSID for this value you will note that this Subkey only has an InprocServer32 Subkey. This in essence means that "PowerPoint.Application" is inherently unsafe for scripting.

According to any documentation i've read on this topic, for an ActiveX control to be marked "safe for scripting"; it must have the Implemented Category "CATID_SafeForScripting" {7DD95801-9882-11CF-9FA9-00AA006C42C4}, and possibly also  "CATID_SafeForInitializing" {7DD95802-9882-11CF-9FA9-00AA006C42C4}.

Since PowerPoint.Application has neither of these, it can neither be initialized of scripted safely from untrusted code.

I'm not suggesting you do this as you will be enabling Microsoft PowerPoint to do something it was clearly intended not to allow, but you could manually include these entries under the subkey HKEY_CLASSES_ROOT\CLSID\{91493443-5A91-11CF-8700-00AA0060263B}.

(1). Create a new key under the subkey, named Implemented Categories
(2). Under the key Implemented Categories, create a new key named {7DD95801-9882-11CF-9FA9-00AA006C42C4} with not value.
(3). If necessary under the key Implemented Categories, create a new key named {7DD95802-9882-11CF-9FA9-00AA006C42C4}; once again with no value.

I haven't tried this myself because I have no situation that requires me to script  a PowerPoint.Application component; but this should give you an indication as to whether or not this strategy will work. Bear in mind, however, that this could leave PowerPoint vunerable to attack from a PowerPoint presentation file containing malicious code.

Best of luck.
0
 

Author Comment

by:StarDusterII
ID: 39840393
fredthered, interesting... I've thought about that too.  Unfortunately, while I could do that, I couldn't expect all the "real" users would be able to change their registry.  In fact, it's locked down for most of them.  I'll try it when I have time just to see if it works.
0
 

Author Comment

by:StarDusterII
ID: 39840413
MacroShadow, bit of a stretch thiking that was going to get rid of the safe for scripting errors, but I gave it a go anyway.  No change in the error.  I think fredthered might have the answer... which is basically, no way given my situation with the inability to change code.
0
 
LVL 13

Expert Comment

by:John Mc Hale
ID: 39840856
StarDusterII,

I think this MSDN article provides some useful information on designing ActiveX controls that are safe for scripting and initialization.

Just a thought; but if you knew a fairly decent C++ coder that could develop a simple wrapper control which would create an instance of PowerPoint.Application, implement the features necessary to make the control safe for scripting/initialization, and return an interface pointer to the "wrapped" PowerPoint.Application object?

Regards.
0
 
LVL 13

Expert Comment

by:John Mc Hale
ID: 39840869
Sorry for re-posting a link to an article that MacroShadow has already highlighted :<
0
 

Author Closing Comment

by:StarDusterII
ID: 39842358
Looks like no way to inherently make the code safe for scripting.  This would essentially do it but is unfortunately not possible for my particular situation.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
With its various features, Office 365 can not only help you with your day-to-day business tasks, it can also do wonders for your marketing campaign.
Learn how to make your own table of contents in Microsoft Word using paragraph styles and the automatic table of contents tool. We'll be using the paragraph styles in Word’s Home toolbar to help you create a table of contents. Type out your initial …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question