After the ActiveX control is packaged into a CAB file and invoked from script, you must ensure that the control is safe so that it can run securely on your web page. There are two ways to do this. The first is to implement the IObjectSafety interface in your control: if IE finds that your control supports IObjectSafety, it calls the IObjectSafety::SetInterfaceSafetyOptions method before loading your control. The other is to modify the registry. Either way only declares the control safe to the browser; the control's methods and properties must themselves be safe to drive from an untrusted page.
ActiveX Control Security Initialization 1: implement the IObjectSafety interface
After the ActiveX control is packaged into a CAB file and invoked from script, you must ensure that the control is safe so that it can run securely on your web page. There are two ways to do this; the first is to implement the IObjectSafety interface in your control. If IE finds that your control supports IObjectSafety, it calls the IObjectSafety::SetInterfaceSafetyOptions method before loading your control.
1. Create an MFC ActiveX control named "tryisafeobject.ocx".
2. Declare the IObjectSafety interface in tryisafeobjectctrl.h:
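#include <objsafe.h>   // for IObjectSafety; in ActiveX SDK

// Excerpt of the control class declaration: only the IObjectSafety-related
// members are shown, the wizard-generated members are elided.
// NOTE(review): identifier casing in this listing was restored from a
// case-mangled copy; use the class name your project wizard generated.
class CTryISafeObjectCtrl : public COleControl
{
    DECLARE_DYNCREATE(CTryISafeObjectCtrl)
    // ... other members omitted ...

    // IObjectSafety: declares the nested XObjSafe part through which a
    // container queries and sets the control's safety options.
    DECLARE_INTERFACE_MAP()

    BEGIN_INTERFACE_PART(ObjSafe, IObjectSafety)
        STDMETHOD_(HRESULT, GetInterfaceSafetyOptions)(
            /* [in] */ REFIID riid,
            /* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
            /* [out] */ DWORD __RPC_FAR *pdwEnabledOptions
        );

        STDMETHOD_(HRESULT, SetInterfaceSafetyOptions)(
            /* [in] */ REFIID riid,
            /* [in] */ DWORD dwOptionSetMask,
            /* [in] */ DWORD dwEnabledOptions
        );
    END_INTERFACE_PART(ObjSafe);
    // IObjectSafety

    // ... other members omitted ...
};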
The objsafe.h header file contains the IObjectSafety interface definition.
3. Implement the IObjectSafety interface in tryisafeobjectctrl.cpp:
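/////////////////////////////////////////////////////////////////////////////
// Interface map for IObjectSafety: adds the ObjSafe part to the interfaces
// the control answers for, with COleControl as the base map.

BEGIN_INTERFACE_MAP(CTryISafeObjectCtrl, COleControl)
    INTERFACE_PART(CTryISafeObjectCtrl, IID_IObjectSafety, ObjSafe)
END_INTERFACE_MAP()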
//...................................... .......................................
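// IObjectSafety member functions

// AddRef, Release and QueryInterface of the nested part are forwarded to
// the owning control.

// Forwards AddRef to the owning control's ExternalAddRef.
ULONG FAR EXPORT CTryISafeObjectCtrl::XObjSafe::AddRef()
{
    METHOD_PROLOGUE(CTryISafeObjectCtrl, ObjSafe)
    return pThis->ExternalAddRef();
}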
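// Forwards Release to the owning control's ExternalRelease.
ULONG FAR EXPORT CTryISafeObjectCtrl::XObjSafe::Release()
{
    METHOD_PROLOGUE(CTryISafeObjectCtrl, ObjSafe)
    return pThis->ExternalRelease();
}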
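// Forwards QueryInterface to the owning control's ExternalQueryInterface.
// ppvObj is an out parameter and therefore a pointer to a pointer; the
// mangled listing had dropped one level of indirection.
HRESULT FAR EXPORT CTryISafeObjectCtrl::XObjSafe::QueryInterface(
    REFIID iid, void FAR* FAR* ppvObj)
{
    METHOD_PROLOGUE(CTryISafeObjectCtrl, ObjSafe)
    return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}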
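// Safety options this control reports as supported and enabled:
// safe for untrusted callers and safe for untrusted data.
const DWORD dwSupportedBits =
    INTERFACESAFE_FOR_UNTRUSTED_CALLER |
    INTERFACESAFE_FOR_UNTRUSTED_DATA;

// Every other option bit; SetInterfaceSafetyOptions refuses a mask that
// touches any of these.
const DWORD dwNotSupportedBits = ~dwSupportedBits;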
//...................................... .......................................
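// CTryISafeObjectCtrl::XObjSafe::GetInterfaceSafetyOptions
// Lets the container ask which safety options apply to an interface.
// The answer does not depend on which interface the caller asks about:
// both options are always reported as supported and enabled. That is a
// blanket claim, so every interface the control exposes has to be safe for
// untrusted callers and untrusted data for the claim to hold.
//
// riid                 interface being asked about; only probed for existence
// pdwSupportedOptions  receives dwSupportedBits
// pdwEnabledOptions    receives dwSupportedBits
// Returns the result of the interface probe (E_NOINTERFACE if the control
// does not implement riid), or E_POINTER if an out pointer is NULL.
HRESULT STDMETHODCALLTYPE
CTryISafeObjectCtrl::XObjSafe::GetInterfaceSafetyOptions(
    /* [in] */ REFIID riid,
    /* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
    /* [out] */ DWORD __RPC_FAR *pdwEnabledOptions)
{
    METHOD_PROLOGUE(CTryISafeObjectCtrl, ObjSafe)

    // The out parameters are written unconditionally below.
    if (pdwSupportedOptions == NULL || pdwEnabledOptions == NULL) {
        return ResultFromScode(E_POINTER);
    }

    // Does the interface exist? Start from NULL so a failed query can never
    // leave an indeterminate pointer behind.
    IUnknown FAR* punkInterface = NULL;
    HRESULT retval = (HRESULT)pThis->ExternalQueryInterface(&riid,
                                        (void **)&punkInterface);

    // Release only a pointer that was really handed out. Testing for
    // "anything but E_NOINTERFACE" would also release after other failures.
    if (SUCCEEDED(retval) && punkInterface != NULL) {
        punkInterface->Release();   // release it -- just checking!
    }

    // We support both kinds of safety and always have both set,
    // regardless of interface.
    *pdwSupportedOptions = *pdwEnabledOptions = dwSupportedBits;

    return retval;  // E_NOINTERFACE if the query failed
}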
//////////////////////////////////////// /////////////////////////////////////
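// CTryISafeObjectCtrl::XObjSafe::SetInterfaceSafetyOptions
// The control always reports itself as safe, so nothing is stored here. The
// call only validates the request: the interface must exist, the mask may
// name only supported options, and every named option must be switched on
// (there is no unsafe mode to switch to).
//
// riid              interface the options are being set for
// dwOptionSetMask   option bits the caller wants to change
// dwEnabledOptions  requested values for those bits
// Returns S_OK when the request is consistent with "always safe",
// E_NOINTERFACE when riid is not implemented, E_FAIL otherwise.
HRESULT STDMETHODCALLTYPE
CTryISafeObjectCtrl::XObjSafe::SetInterfaceSafetyOptions(
    /* [in] */ REFIID riid,
    /* [in] */ DWORD dwOptionSetMask,
    /* [in] */ DWORD dwEnabledOptions)
{
    METHOD_PROLOGUE(CTryISafeObjectCtrl, ObjSafe)

    // Does the interface exist? The pointer is tested below, so it must
    // start as NULL rather than rely on the query clearing it on failure.
    IUnknown FAR* punkInterface = NULL;
    pThis->ExternalQueryInterface(&riid, (void **)&punkInterface);
    if (punkInterface == NULL) {    // interface doesn't exist
        return ResultFromScode(E_NOINTERFACE);
    }
    punkInterface->Release();       // release it -- just checking!

    // Can't set bits we don't support.
    if (dwOptionSetMask & dwNotSupportedBits) {
        return ResultFromScode(E_FAIL);
    }

    // Can't set bits we do support to zero.
    dwEnabledOptions &= dwSupportedBits;
    // (We already know there are no extra bits in the mask.)
    if ((dwOptionSetMask & dwEnabledOptions) != dwOptionSetMask) {
        return ResultFromScode(E_FAIL);
    }

    // Nothing to change since we're always safe.
    return ResultFromScode(S_OK);
}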
Http://www.cnblogs.com/carekee/articles/1772201.html
ActiveX Control Security Initialization 2: manually modify the Registry
Here, modifying the registry means using the Component Categories Manager to create the correct entries in the system registry. IE3 checks the registry to determine whether a control can be safely initialized and scripted: it calls the ICatInformation::IsClassOfCategories method to determine whether the control belongs to the safety categories.
1. Create an MFC ActiveX control named axcschart.ocx.
2. In axcschart.cpp, add the header files:
//.........................
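#include "comcat.h"     // ICatRegister, CATEGORYINFO, CATID
#include "objsafe.h"    // CATID_SafeForScripting, CATID_SafeForInitializing
//.........................
// Class ID that the safety categories are registered against in
// DllRegisterServer and removed from in DllUnregisterServer.
// NOTE(review): presumably this has to be the control's own CLSID, since the
// category marks apply to whichever class it names -- confirm against the
// class ID declared in the control's implementation file.
const GUID CDECL CLSID_SafeItem =
    { 0x7ae7497b, 0xcad8, 0x4e66, { 0xa5, 0x8b, 0xdd, 0xe9, 0xbc, 0xaf, 0x6b, 0x61 } };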
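// Creates (registers) a component category.
//
// catid           ID of the category to register
// catDescription  human-readable description; truncated to what fits in
//                 CATEGORYINFO::szDescription. Taken as const so that wide
//                 string literals can be passed directly.
// Returns the HRESULT of creating the component categories manager or of
// RegisterCategories, or E_INVALIDARG when no description is given.
HRESULT CreateComponentCategory(CATID catid, const WCHAR *catDescription)
{
    // wcslen below must not be handed a NULL pointer.
    if (catDescription == NULL) {
        return E_INVALIDARG;
    }

    ICatRegister *pcr = NULL;
    HRESULT hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
        NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void **)&pcr);
    if (FAILED(hr)) {
        return hr;
    }

    // Make sure the HKCR\Component Categories\{..catid...}
    // key is registered.
    CATEGORYINFO catinfo;
    catinfo.catid = catid;
    catinfo.lcid = 0x0409;  // English

    // Make sure the provided description is not too long: copy at most
    // one character less than the buffer holds, leaving room for the
    // terminator (the original listing hard-codes this limit as 127).
    const size_t maxLen =
        sizeof(catinfo.szDescription) / sizeof(catinfo.szDescription[0]) - 1;
    size_t len = wcslen(catDescription);
    if (len > maxLen) {
        len = maxLen;
    }
    wcsncpy(catinfo.szDescription, catDescription, len);
    // wcsncpy does not terminate a truncated copy, so do it explicitly.
    catinfo.szDescription[len] = L'\0';

    hr = pcr->RegisterCategories(1, &catinfo);
    pcr->Release();

    return hr;
}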
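// Registers a class as implementing a component category.
//
// clsid  class to mark
// catid  category the class is recorded as implementing
// Returns the HRESULT of creating the component categories manager or of
// RegisterClassImplCategories.
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
    // Register your component categories information.
    ICatRegister *pcr = NULL;
    HRESULT hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
        NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void **)&pcr);
    if (SUCCEEDED(hr)) {
        // Register this category as being "implemented" by the class.
        CATID rgcatid[1];
        rgcatid[0] = catid;
        hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
    }

    if (pcr != NULL) {
        pcr->Release();
    }

    return hr;
}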
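// Removes the record that a class implements a component category.
//
// clsid  class to unmark
// catid  category to remove from the class
// Returns the HRESULT of creating the component categories manager or of
// UnRegisterClassImplCategories.
HRESULT UnRegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
    ICatRegister *pcr = NULL;
    HRESULT hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
        NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void **)&pcr);
    if (SUCCEEDED(hr)) {
        // Unregister this category as being "implemented" by the class.
        CATID rgcatid[1];
        rgcatid[0] = catid;
        hr = pcr->UnRegisterClassImplCategories(clsid, 1, rgcatid);
    }

    if (pcr != NULL) {
        pcr->Release();
    }

    return hr;
}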
Then call these functions from DllRegisterServer and DllUnregisterServer:
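// DllRegisterServer - adds entries to the system registry.
// After the standard type-library and class registration, this marks
// CLSID_SafeItem as belonging to the "safe for initializing" and "safe for
// scripting" component categories. The browser reads these marks to decide
// whether the control may be initialized and scripted, so they amount to a
// machine-wide claim that the control is safe for any page that loads it.
// Returns NOERROR on success, SELFREG_E_TYPELIB / SELFREG_E_CLASS when the
// standard registration fails, or the failing HRESULT of a category step.
STDAPI DllRegisterServer(void)
{
    AFX_MANAGE_STATE(_afxModuleAddrThis);

    if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid)) {
        return ResultFromScode(SELFREG_E_TYPELIB);
    }

    if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE)) {
        return ResultFromScode(SELFREG_E_CLASS);
    }

    HRESULT hr;

    // Mark the control as safe for initializing.
    // Create the "safe for initializing" component category.
    hr = CreateComponentCategory(CATID_SafeForInitializing,
        L"Controls safely initializable from persistent data!");
    if (FAILED(hr)) {
        return hr;
    }
    // Register the class in that category.
    hr = RegisterCLSIDInCategory(CLSID_SafeItem, CATID_SafeForInitializing);
    if (FAILED(hr)) {
        return hr;
    }

    // Mark the control as safe for scripting.
    // Create the "safe for scripting" component category.
    hr = CreateComponentCategory(CATID_SafeForScripting,
        L"Controls safely scriptable!");
    if (FAILED(hr)) {
        return hr;
    }
    // Register the class in that category.
    hr = RegisterCLSIDInCategory(CLSID_SafeItem, CATID_SafeForScripting);
    if (FAILED(hr)) {
        return hr;
    }

    return NOERROR;
}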
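// DllUnregisterServer - removes entries from the system registry.
// After the standard type-library and class unregistration, this removes
// CLSID_SafeItem from both safety categories. Both removals are always
// attempted, so a failure on the first cannot leave the "safe for
// scripting" mark behind; the first failing HRESULT is returned.
// Returns NOERROR on success, SELFREG_E_TYPELIB / SELFREG_E_CLASS when the
// standard unregistration fails, or the failing HRESULT of a category step.
STDAPI DllUnregisterServer(void)
{
    AFX_MANAGE_STATE(_afxModuleAddrThis);

    if (!AfxOleUnregisterTypeLib(_tlid, _wVerMajor, _wVerMinor)) {
        return ResultFromScode(SELFREG_E_TYPELIB);
    }

    if (!COleObjectFactoryEx::UpdateRegistryAll(FALSE)) {
        return ResultFromScode(SELFREG_E_CLASS);
    }

    // Remove the "safe for initializing" mark.
    HRESULT hrInit =
        UnRegisterCLSIDInCategory(CLSID_SafeItem, CATID_SafeForInitializing);

    // Remove the "safe for scripting" mark, whatever happened above.
    HRESULT hrScript =
        UnRegisterCLSIDInCategory(CLSID_SafeItem, CATID_SafeForScripting);

    if (FAILED(hrInit)) {
        return hrInit;
    }
    if (FAILED(hrScript)) {
        return hrScript;
    }

    return NOERROR;
}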
See MSDN:
ms-help://MS.MSDNQTR.2003FEB.2052/dnaxctrl/html/msdn_signmark.htm