-
May 13th, 2005, 03:16 AM
#1
Thread Starter
Lively Member
VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
ARTICLE NAME : IMPLEMENTING YOUR ACTIVEX CONTROLS SAFE FOR SCRIPTING AND INITIALIZATION
ARTICLE TYPE : Tutorial for ActiveX developed in Classic Visual Basic
CREATION DATE : 12 May, 2005
AUTHOR : Neo <neo at triotex.com>
REFERENCE : Microsoft KB Article : Q182598
----------------------------------------------------------------------------------------------------
1. TABLE OF CONTENTS
----------------------------------------------------------------------------------------------------
1. TABLE OF CONTENTS .................................................................. #1
2. SUMMARY ............................................................................ #2
3. AGREEMENT .......................................................................... #3
4. DESCRIPTION ........................................................................ #4
5. ABOUT CODESIGNING .................................................................. #5
6. APPLIES TO ......................................................................... #6
7. REFERENCES ......................................................................... #7
----------------------------------------------------------------------------------------------------
-
May 13th, 2005, 03:18 AM
#2
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
2. SUMMARY
----------------------------------------------------------------------------------------------------
This article describes how to implement the IObjectSafety interface in Visual Basic controls to mark the controls safe for scripting and initialization. By default, Visual Basic controls use component category entries in the registry to mark the control safe for scripting and initialization. Implementing the IObjectSafety interface is the preferred method. This article contains all the code that is required to implement this interface in Visual Basic controls.
Please keep in mind that a control should only be marked as safe if it is, IN FACT, SAFE. This means that your control should not contain any malicious code that will be used on the client side. This article does not describe the full details of marking controls as safe for scripting and initialization; it simply demonstrates how to do it in code. Please refer to the Internet Client Software Development Kit (SDK) documentation for a detailed description of this. You may choose the References Section of this Article for more help.
-
May 13th, 2005, 03:19 AM
#3
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
3. AGREEMENT
----------------------------------------------------------------------------------------------------
This article, as is, is not and will not be responsible for any code you may develop from this. You AGREE to the terms that you would not exploit this article for developing any malicious code, such as, a virus, trojan, spyware/adware, or any variant of such kind.
Feel free to link this article in your website, email, forums, etc., if you agree to the fact that the Author of this article is: Neo <neo at triotex.com> (a.k.a CodeBlock in VBForums.com) and any/whole part of this Article will NOT be modified but just kept in tact, as is.
Last edited by CodeBlock; May 13th, 2005 at 07:02 AM.
-
May 13th, 2005, 03:20 AM
#4
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
4. DESCRIPTION
----------------------------------------------------------------------------------------------------
Steps on how to create a simple Visual Basic control and mark it safe for scripting and initialization.
1. Create a new folder where you can save all files that you create in this example.
2. Get the OLE Automation Type Library Generator from the Visual Basic CD-ROM. To do this, copy all four files from the \Common\Tools\VB\Unsupprt\Typlib\ folder to your project folder.
3. Copy the following text into Notepad, and save the file in the project folder as Objsafe.odl:
Code:
[
uuid(C67830E0-D11D-11cf-BD80-00AA00575603),
helpstring("VB IObjectSafety Interface"),
version(1.0)
]
library IObjectSafetyTLB
{
importlib("stdole2.tlb");
[
uuid(CB5BDC81-93C1-11cf-8F20-00805F2CD064),
helpstring("IObjectSafety Interface"),
odl
]
interface IObjectSafety:IUnknown {
[helpstring("GetInterfaceSafetyOptions")]
HRESULT GetInterfaceSafetyOptions(
[in] long riid,
[in] long *pdwSupportedOptions,
[in] long *pdwEnabledOptions);
[helpstring("SetInterfaceSafetyOptions")]
HRESULT SetInterfaceSafetyOptions(
[in] long riid,
[in] long dwOptionsSetMask,
[in] long dwEnabledOptions);
}
}
4. At a command prompt, use the CD <path> command to move to the project folder, and type the following command to generate a .tlb file:
MKTYPLIB objsafe.odl /tlb objsafe.tlb
5. From Visual Basic, create an ActiveX Control project. In the Properties list, change the name of the project to IObjSafety and the name of the control to DemoCtl. Put a CommandButton named cmdTest on the control. In the Click event handler of the cmdTest, put a MsgBox "Test" statement.
6. On the Project menu, click References, browse to and add Objsafe.tlb, which you created earlier.
7. Add a new module to your project with the following code, and name the module basSafeCtl:
VB Code:
Option Explicit
Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
Public Const IID_IPersistStorage = _
"{0000010A-0000-0000-C000-000000000046}"
Public Const IID_IPersistStream = _
"{00000109-0000-0000-C000-000000000046}"
Public Const IID_IPersistPropertyBag = _
"{37D84F60-42CB-11CE-8135-00AA004BB851}"
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
Public Const E_NOINTERFACE = &H80004002
Public Const E_FAIL = &H80004005
Public Const MAX_GUIDLEN = 40
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
(pDest As Any, pSource As Any, ByVal ByteLen As Long)
Public Declare Function StringFromGUID2 Lib "ole32.dll" (rguid As _
Any, ByVal lpstrClsId As Long, ByVal cbMax As Integer) As Long
Public Type udtGUID
Data1 As Long
Data2 As Integer
Data3 As Integer
Data4(7) As Byte
End Type
Public m_fSafeForScripting As Boolean
Public m_fSafeForInitializing As Boolean
Sub Main()
m_fSafeForScripting = True
m_fSafeForInitializing = True
End Sub
8. From Project Properties, change the Startup Object to Sub Main to execute the Sub Main above. Use the m_fSafeForScripting and m_fSafeForInitializing variables to specify the values of safe for the scripting and/or initialization variables. Make them both true, if you dont want to change your IE Settings
9. Open the code window of your control. Add the following line of code to the Declaration section (right after Option Explicit or as the first), ie., General Declarations:
10. Copy the following two procedures to your control code:
VB Code:
Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
Dim Rc As Long
Dim rClsId As udtGUID
Dim IID As String
Dim bIID() As Byte
pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
INTERFACESAFE_FOR_UNTRUSTED_DATA
If (riid <> 0) Then
CopyMemory rClsId, ByVal riid, Len(rClsId)
bIID = String$(MAX_GUIDLEN, 0)
Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
Rc = InStr(1, bIID, vbNullChar) - 1
IID = Left$(UCase(bIID), Rc)
Select Case IID
Case IID_IDispatch
pdwEnabledOptions = IIf(m_fSafeForScripting, _
INTERFACESAFE_FOR_UNTRUSTED_CALLER, 0)
Exit Sub
Case IID_IPersistStorage, IID_IPersistStream, _
IID_IPersistPropertyBag
pdwEnabledOptions = IIf(m_fSafeForInitializing, _
INTERFACESAFE_FOR_UNTRUSTED_DATA, 0)
Exit Sub
Case Else
Err.Raise E_NOINTERFACE
Exit Sub
End Select
End If
End Sub
Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
Dim Rc As Long
Dim rClsId As udtGUID
Dim IID As String
Dim bIID() As Byte
If (riid <> 0) Then
CopyMemory rClsId, ByVal riid, Len(rClsId)
bIID = String$(MAX_GUIDLEN, 0)
Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
Rc = InStr(1, bIID, vbNullChar) - 1
IID = Left$(UCase(bIID), Rc)
Select Case IID
Case IID_IDispatch
If ((dwEnabledOptions And dwOptionsSetMask) <> _
INTERFACESAFE_FOR_UNTRUSTED_CALLER) Then
Err.Raise E_FAIL
Exit Sub
Else
If Not m_fSafeForScripting Then
Err.Raise E_FAIL
End If
Exit Sub
End If
Case IID_IPersistStorage, IID_IPersistStream, _
IID_IPersistPropertyBag
If ((dwEnabledOptions And dwOptionsSetMask) <> _
INTERFACESAFE_FOR_UNTRUSTED_DATA) Then
Err.Raise E_FAIL
Exit Sub
Else
If Not m_fSafeForInitializing Then
Err.Raise E_FAIL
End If
Exit Sub
End If
Case Else
Err.Raise E_NOINTERFACE
Exit Sub
End Select
End If
End Sub
11. On the File menu, save your project and files. Make an OCX file from your project. Your control now implements the IObjectSafety interface. To test it, insert the control in an .htm file.
SIMPLE WORKING CODE
Points Nos. 7 & 10 can be modified to just have a simpler working Code:
Point No.7 (as in the Module basSafeCtl)
VB Code:
Option Explicit
Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
An easier alternative for Point No.10
Point No.10 is BIG because it helps you understand by trying out the different options. If you just want a working code here it is:
VB Code:
Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
INTERFACESAFE_FOR_UNTRUSTED_DATA
pdwSupportedOptions = pdwSupportedOptions ' All options are suported:
' Meaning: Both Untrusted Caller(Scripting) and
' Untrusted Data (Initialization) options are marked Safe.
End Sub
Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
' This is when your browser asks you to change your settings.
' You can ignore this Sub, if at all u need in a case where the browser
' rejects the settings and sends you back to get notified of the rejection
' or any option change.
End Sub
Last edited by CodeBlock; May 13th, 2005 at 03:25 AM.
-
May 13th, 2005, 03:26 AM
#5
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
5. ABOUT CODESIGNING
----------------------------------------------------------------------------------------------------
But this is not just enough. If you are hosting your files on a server, to be available as a downloadable plugin in your web pages, You must CodeSign your .cab or .ocx file. You can do this by either using the CodeSign Binaries from the Visual Basic SDK (You will find this under the Tools folder of your VStudio6 CD-ROM) (Alternatively, You can download it from here [Self-Extracting EXE] 344 KB).
Or use: http://www.ascertia.com/ (where u have to create an account. TIP: Remember that in the registration process, you have to provide some valid information as they will get reflected in your certificate itself shown to the Client. So, once registered they are included in the certificate. ).
If you need a detailed description on the CodeSigning Process using CodeSign.exe, Follow this link
-
May 13th, 2005, 03:27 AM
#6
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
6. APPLIES TO
----------------------------------------------------------------------------------------------------
• Microsoft Visual Basic 5.0 Control Creation Edition
• Microsoft Visual Basic 5.0 Professional Edition
• Microsoft Visual Basic 6.0 Professional Edition
• Microsoft Visual Basic 5.0 Enterprise Edition
• Microsoft Visual Basic 6.0 Enterprise Edition
• Microsoft Visual Basic 5.0 Learning Edition
• Microsoft Visual Basic 6.0 Learning Edition
• Microsoft Internet Explorer 4.0 128-Bit Edition
• Microsoft Internet Explorer 4.01 Service Pack 2
• Microsoft Internet Explorer 4.01 Service Pack 1
• Microsoft Internet Explorer 4.01 Service Pack 2
• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer (Programming) 5.01
• Microsoft Internet Explorer (Programming) 5.01 SP1
• Microsoft Internet Explorer (Programming) 5.5
-
May 13th, 2005, 03:27 AM
#7
Thread Starter
Lively Member
[Contd] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
----------------------------------------------------------------------------------------------------
7. REFERENCES
----------------------------------------------------------------------------------------------------
MkTypLib.exe is an old tool that previously shipped with the Platform Software Development Kit (SDK) that comes with Microsoft Visual Studio 6.0. For information on how to install the Platform SDK that comes with Visual Studio 6.0, see the following Microsoft Web site:
http://msdn.microsoft.com/library/ps...usage_4rqu.htm
The current Platform SDK does not come with the MkTypLib.exe tool. For information about what Microsoft products ship the Type Library Compiler (MkTypLib.exe), see the following Microsoft DLL Help database and search on the file name MkTypLib.exe
http://support.microsoft.com/dllhelp
For information about how to invoke MkTypLib, see the following Microsoft Web site:
http://msdn.microsoft.com/library/ps...chap8_6cki.htm
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
161873 How To Mark MFC Controls Safe for Scripting/Initialization
143258 How To Create Constants and DLL Declarations in a Type Library
131105 SAMPLE: TYPEBLD: How to Use ICreateTypeLib and ICreateTypeInfo
For more information about the IObjectSafety interface, see the following Microsoft Web site:
http://msdn.microsoft.com/workshop/c...jectsafety.asp
For more information about safe initialization and scripting for ActiveX controls, see the following Microsoft Web site:
http://msdn.microsoft.com/workshop/c...vex/safety.asp
For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:
http://msdn.microsoft.com/workshop/entry.asp
http://msdn.microsoft.com/ie/
http://support.microsoft.com/highlig...p?FR=0&SD=MSDN
Last edited by CodeBlock; May 13th, 2005 at 03:31 AM.
-
May 13th, 2005, 03:31 AM
#8
Thread Starter
Lively Member
[FEEDBACK] VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.
Please rate me, if you find this useful.
You may also post your comments/suggestions/doubts on this thread through this link. (Use this link, if you are reading this thread in a section where u cannot post replies)
Contacting through mail: <neo at triotex.com>
You can also PM me to contact through the Forums
Thanks & Regards
Neo a.k.a CodeBlock
Last edited by CodeBlock; May 14th, 2005 at 09:49 AM.
Reason: Included FeedBack Link
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|