开发Activex控件安全

2016/11/01 14:34
阅读数 246

2.浏览该网页后,发现页面提示“在此页上的 ActiveX 控件和本页上的其它部份的交互可能不安全。你想允许这种交互?”

对此我们可以在程序中实现去掉该提示:在spDemoCtrl.h头文件加上#include <objsafe.h> ,然后再CspDemoCtrl的protected下添加如下代码:

   //去掉安全警告 BEGIN
    DECLARE_INTERFACE_MAP()
    BEGIN_INTERFACE_PART(ObjectSafety, IObjectSafety)
        STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD __RPC_FAR *pdwSupportedOptions, DWORD __RPC_FAR *pdwEnabledOptions);
        STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions);
    END_INTERFACE_PART(ObjectSafety)
        //去掉安全警告 END

3.在实现类.cpp的IMPLEMENT_DYNCREATE(CspDemoCtrl, COleControl)这一行后增加如下内容:

//去掉安全警告 BEGIN
BEGIN_INTERFACE_MAP(CspDemoCtrl, COleControl)
    INTERFACE_PART(CspDemoCtrl, IID_IObjectSafety, ObjectSafety)
END_INTERFACE_MAP()
// Implementation of IObjectSafety
STDMETHODIMP CspDemoCtrl::XObjectSafety::GetInterfaceSafetyOptions(
    REFIID riid,
    DWORD __RPC_FAR *pdwSupportedOptions,
    DWORD __RPC_FAR *pdwEnabledOptions)
{
    METHOD_PROLOGUE_EX(CspDemoCtrl, ObjectSafety)
        if (!pdwSupportedOptions || !pdwEnabledOptions)
        {
            return E_POINTER;
        }
        *pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
        *pdwEnabledOptions = 0;
        if (NULL == pThis->GetInterface(&riid))
        {
            TRACE("Requested interface is not supported.\n");
            return E_NOINTERFACE;
        }
        // What interface is being checked out anyhow?
        OLECHAR szGUID[39];
        int i = StringFromGUID2(riid, szGUID, 39);
        if (riid == IID_IDispatch)
        {
            // Client wants to know if object is safe for scripting
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
            return S_OK;
        }
        else if (riid == IID_IPersistPropertyBag
            || riid == IID_IPersistStreamInit
            || riid == IID_IPersistStorage
            || riid == IID_IPersistMemory)
        {
            // Those are the persistence interfaces COleControl derived controls support
            // as indicated in AFXCTL.H
            // Client wants to know if object is safe for initializing from persistent data
            *pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA;
            return S_OK;
        }
        else
        {
            // Find out what interface this is, and decide what options to enable
            //TRACE1("We didn"t account for the safety of this interface, and it"s one we support...\n");
            return E_NOINTERFACE;
        }
}
STDMETHODIMP CspDemoCtrl::XObjectSafety::SetInterfaceSafetyOptions(
    REFIID riid,
    DWORD dwOptionSetMask,
    DWORD dwEnabledOptions)
{
    METHOD_PROLOGUE_EX(CspDemoCtrl, ObjectSafety)
        OLECHAR szGUID[39];
    // What is this interface anyway?
    // We can do a quick lookup in the registry under HKEY_CLASSES_ROOT\Interface
    int i = StringFromGUID2(riid, szGUID, 39);
    if (0 == dwOptionSetMask && 0 == dwEnabledOptions)
    {
        // the control certainly supports NO requests through the specified interface
        // so it"s safe to return S_OK even if the interface isn"t supported.
        return S_OK;
    }
    // Do we support the specified interface?
    if (NULL == pThis->GetInterface(&riid))
    {
        TRACE1("%s is not support.\n", szGUID);
        return E_FAIL;
    }
    if (riid == IID_IDispatch)
    {
        //TRACE("Client asking if it"s safe to call through IDispatch.\n");
        TRACE("In other words, is the control safe for scripting?\n");
        if (INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwEnabledOptions)
        {
            return S_OK;
        }
        else
        {
            return E_FAIL;
        }
    }
    else if (riid == IID_IPersistPropertyBag
        || riid == IID_IPersistStreamInit
        || riid == IID_IPersistStorage
        || riid == IID_IPersistMemory)
    {
        //TRACE("Client asking if it"s safe to call through IPersist*.\n");
        //TRACE("In other words, is the control safe for initializing from persistent data?\n");
        if (INTERFACESAFE_FOR_UNTRUSTED_DATA == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_DATA == dwEnabledOptions)
        {
            return NOERROR;
        }
        else
        {
            return E_FAIL;
        }
    }
    else
    {
        //TRACE("We didn"t account for the safety of %s, and it"s one we support...\n", szGUID);
        return E_FAIL;
    }
}
STDMETHODIMP_(ULONG) CspDemoCtrl::XObjectSafety::AddRef()
{
    METHOD_PROLOGUE_EX_(CspDemoCtrl, ObjectSafety)
        return (ULONG)pThis->ExternalAddRef();
}
STDMETHODIMP_(ULONG) CspDemoCtrl::XObjectSafety::Release()
{
    METHOD_PROLOGUE_EX_(CspDemoCtrl, ObjectSafety)
        return (ULONG)pThis->ExternalRelease();
}
STDMETHODIMP CspDemoCtrl::XObjectSafety::QueryInterface(
    REFIID iid, LPVOID* ppvObj)
{
    METHOD_PROLOGUE_EX_(CspDemoCtrl, ObjectSafety)
        return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}
//去掉安全警告 END
展开阅读全文
加载中

作者的其它热门文章

打赏
0
0 收藏
分享
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部