VC++开发的ActiveX如何加入安全机制,避免IE中提示“在此页上的ActiveX控件和本页上的其他部分的交互可能不安全,你想允许这种交互吗?”

在EOS6的项目中,如果采用VC++开发的ActiveX,那么第一次运行的时候,IE中就会提示,“在此页上的ActiveX控件和本页上的其他部分的交互可能不安全,你想允许这种交互吗?”在网上找了很多资料,原理介绍的多,但是真正如何做,介绍的比较少,因此这里把实际的步骤一步一步的记录下来了,供大家参考。

 

1.1 去除ActiveX访问时的安全提示

ActiveX第一次被访问时,会出现如下提示框:

 

这是IE浏览器的安全机制造成的,我们可以采用下面的步骤来去除这个提示信息:

1.1.1 CDemoCtl的头文件.h中增加对objsave的引用

#include <objsafe.h> 

1.1.2 在其protected声明区增加如下内容:

//去掉安全警告 BEGIN

DECLARE_INTERFACE_MAP()

BEGIN_INTERFACE_PART(ObjectSafety, IObjectSafety)

STDMETHOD(GetInterfaceSafetyOptions)(REFIID riid, DWORD __RPC_FAR *pdwSupportedOptions, DWORD __RPC_FAR *pdwEnabledOptions);

STDMETHOD(SetInterfaceSafetyOptions)(REFIID riid, DWORD dwOptionSetMask, DWORD dwEnabledOptions);

END_INTERFACE_PART(ObjectSafety)

//去掉安全警告 END

1.1.3 CDemoCtl的实现类.cppIMPLEMENT_DYNCREATE(CActivexFirstCtrl, COleControl)这一行后增加如下内容:

     

//去掉安全警告 BEGIN

BEGIN_INTERFACE_MAP(CDemoCtl, COleControl)

INTERFACE_PART(CDemoCtl, IID_IObjectSafety, ObjectSafety)

END_INTERFACE_MAP()

// Implementation of IObjectSafety

STDMETHODIMP CDemoCtl::XObjectSafety::GetInterfaceSafetyOptions(

REFIID riid,

DWORD __RPC_FAR *pdwSupportedOptions,

DWORD __RPC_FAR *pdwEnabledOptions)

{

METHOD_PROLOGUE_EX(CDemoCtl, ObjectSafety)

if (!pdwSupportedOptions || !pdwEnabledOptions)

{

return E_POINTER;

}

*pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;

*pdwEnabledOptions = 0;

if (NULL == pThis->GetInterface(&riid))

{

TRACE("Requested interface is not supported.\n");

return E_NOINTERFACE;

}

// What interface is being checked out anyhow?

OLECHAR szGUID[39];

int i = StringFromGUID2(riid, szGUID, 39);

if (riid == IID_IDispatch)

{

// Client wants to know if object is safe for scripting

*pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER;

return S_OK;

}

else if (riid == IID_IPersistPropertyBag

|| riid == IID_IPersistStreamInit

|| riid == IID_IPersistStorage

|| riid == IID_IPersistMemory)

{

// Those are the persistence interfaces COleControl derived controls support

// as indicated in AFXCTL.H

// Client wants to know if object is safe for initializing from persistent data

*pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_DATA;

return S_OK;

}

else

{

// Find out what interface this is, and decide what options to enable

TRACE("We didn"t account for the safety of this interface, and it"s one we support...\n");

return E_NOINTERFACE;

}

}

STDMETHODIMP CDemoCtl::XObjectSafety::SetInterfaceSafetyOptions(

REFIID riid,

DWORD dwOptionSetMask,

DWORD dwEnabledOptions)

{

METHOD_PROLOGUE_EX(CDemoCtl, ObjectSafety)

OLECHAR szGUID[39];

// What is this interface anyway?

// We can do a quick lookup in the registry under HKEY_CLASSES_ROOT\Interface

int i = StringFromGUID2(riid, szGUID, 39);

if (0 == dwOptionSetMask && 0 == dwEnabledOptions)

{

// the control certainly supports NO requests through the specified interface

// so it"s safe to return S_OK even if the interface isn"t supported.

return S_OK;

}

// Do we support the specified interface?

if (NULL == pThis->GetInterface(&riid))

{

TRACE1("%s is not support.\n", szGUID);

return E_FAIL;

}

if (riid == IID_IDispatch)

{

TRACE("Client asking if it"s safe to call through IDispatch.\n");

TRACE("In other words, is the control safe for scripting?\n");

if (INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_CALLER == dwEnabledOptions)

{

return S_OK;

}

else

{

return E_FAIL;

}

}

else if (riid == IID_IPersistPropertyBag

|| riid == IID_IPersistStreamInit

|| riid == IID_IPersistStorage

|| riid == IID_IPersistMemory)

{

TRACE("Client asking if it"s safe to call through IPersist*.\n");

TRACE("In other words, is the control safe for initializing from persistent data?\n");

if (INTERFACESAFE_FOR_UNTRUSTED_DATA == dwOptionSetMask && INTERFACESAFE_FOR_UNTRUSTED_DATA == dwEnabledOptions)

{

return NOERROR;

}

else

{

return E_FAIL;

}

}

else

{

TRACE1("We didn"t account for the safety of %s, and it"s one we support...\n", szGUID);

return E_FAIL;

}

}

STDMETHODIMP_(ULONG) CDemoCtl::XObjectSafety::AddRef()

{

METHOD_PROLOGUE_EX_(CDemoCtl, ObjectSafety)

return (ULONG)pThis->ExternalAddRef();

}

STDMETHODIMP_(ULONG) CDemoCtl::XObjectSafety::Release()

{

METHOD_PROLOGUE_EX_(CDemoCtl, ObjectSafety)

return (ULONG)pThis->ExternalRelease();

}

STDMETHODIMP CDemoCtl::XObjectSafety::QueryInterface(

REFIID iid, LPVOID* ppvObj)

{

METHOD_PROLOGUE_EX_(CDemoCtl, ObjectSafety)

return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);

}

//去掉安全警告 END

posted @ 2011-01-27 01:19  alex618  阅读(6331)  评论(0编辑  收藏  举报