How to mark an MFC ActiveX control as secure, script, and initialize

MSDN original. ActiveX Control tag Security (can be more than just MFC ActiveX)

Profile By default, MFC ActiveX controls are not marked as safe for scripting and are safe for initialization. It is obvious that control runs are set to medium or high when the security level is used in Internet Explorer. in these patterns, the control's data is unsafe or unlikely to be used in a security script, and a warning may be displayed.

There are two of controls that you can use to eliminate these errors. the first control that involves implementing the IObjectSafety interface is useful for controls that run in the context of an Internet browser that wants to change its behavior to become "safe." The second step is to modify the control's DllRegisterServer function to mark the control's "security" in the registry. This article describes the second of these methods. the first method implements the IObjectSafety interface, which is described in the Internet client SDK.

Keep in mind that a control should only be marked as safe if it is, in fact, safe. See the Internet client SDK documentation for this description. in the Component Development section, see "Security initialization and scripting ActiveX controls".

Note: This article does not describe how to mark a control as a secure download. For more information about code downloads and code signing, see the Internet client SDK. More informationfollow these steps to mark an MFC ActiveX control as script safe and for initialization to be secure:

1. Add the following cathelp.h and Cathelp.cpp files to the createcomponentcategory and RegisterCLSIDInCategory helper functions that are implemented by the project. Cathelp.h

         #include "comcat.h"      //Helper function to create a component category and associated      //description      HRESULT C Reatecomponentcategory (CATID CATID, wchar* catdescription);      Helper function to register a CLSID as belonging to a component      //category      HRESULT registerclsidincategory (R Efclsid clsid, CATID CATID);

   Cathelp.cpp

         #include "comcat.h"//Helper function to create a component category and associated//description H         RESULT createcomponentcategory (CATID CATID, wchar* catdescription) {icatregister* PCR = NULL;         HRESULT hr = S_OK; hr = CoCreateInstance (CLSID_StdComponentCategoriesMgr, NULL, C         Lsctx_inproc_server, Iid_icatregister, (void**) &PCR);         if (FAILED (HR)) return HR; Make sure the Hkcr\component categories\{.         CatID ...}         Key is registered CategoryInfo Catinfo;         Catinfo.catid = catid; Catinfo.lcid = 0x0409;         中文版//Make sure the provided description are not too long.         Only copy of the first 127 characters if it is int len = wcslen (catdescription);         if (len>127) len = 127; wcsncpy (Catinfo.szdescription, catdeScription, Len);         Make sure the description is null terminated catinfo.szdescription[len] = ' + ';         hr = pcr->registercategories (1, &catinfo);         Pcr->release ();      return HR; }//Helper function to register a CLSID as belonging to a component//category HRESULT Registerclsidincat         Egory refclsid clsid, CATID CATID) {//Register your component categories information.         icatregister* PCR = NULL;         HRESULT hr = S_OK; hr = CoCreateInstance (CLSID_StdComponentCategoriesMgr, NULL, C         Lsctx_inproc_server, Iid_icatregister, (void**) &PCR);            if (SUCCEEDED (HR)) {//Register this category as being ' implemented ' by//the class.            CATID Rgcatid[1];            Rgcatid[0] = catid; hr = Pcr->registerclassimplcategories (CLSID, 1, rgcatid);         } if (PCR! = NULL) pcr->release ();      return HR; }

2. Modify the control DllRegisterServer that is marked as safe.

         #include "CatHelp.h"

   define the GUID associated with the security component category:

         Const CATID CATID_SafeForScripting     =      {0x7dd95801,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4} };      Const CATID CATID_SafeForInitializing  =      {0x7dd95802,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42, 0xc4}};

   defines the GUID that is associated with your control. For simplicity, you can loan the GUID implement_olecreate_ex macro in the control's main. cpp file. Adjust the formatting slightly so that it looks like this:

         Const GUID CDECL Based_code _ctlid =      {0x43bd9e45, 0x328f, 0x11d0,              {0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };

   To mark your control as both scripted and initialized for both security, modify the DllRegisterServer function as follows:

         STDAPI DllRegisterServer (void) {afx_manage_state (_afxmoduleaddrthis); if (!          AfxOleRegisterTypeLib (AfxGetInstanceHandle (), _tlid)) return Resultfromscode (Selfreg_e_typelib); if (!          Coleobjectfactoryex::updateregistryall (TRUE)) return Resultfromscode (Selfreg_e_class); if (FAILED (CreateComponentCategory (catid_safeforscripting, L "Controls that is safely          Scriptable "))) return Resultfromscode (Selfreg_e_class); if (FAILED (CreateComponentCategory (catid_safeforinitializing, L "Controls safely Initia          Lizable from persistent data ")) return Resultfromscode (Selfreg_e_class); if (FAILED (RegisterCLSIDInCategory (_ctlid, catid_safeforscripting)) return resultfroms          Code (SELFREG_E_CLASS); if (FAILED (RegisterCLSIDInCategory (_ctlid, Catid_safeforinitializing)) return Resultfromscode (Selfreg_e_class);      return noerror; }

for these reasons there are two DllUnregisterServer functions that should be modified under abnormal conditions:

• You do not want to remove the component category because other controls may be using it.
• Although a unregisterclsidincategory function is not defined, by default DllUnregisterServer controls the entry that is removed from the registry completely. Therefore, deleting a category from a control's registration is almost useless.

when you compile and register your control, the following key is found in the registry:

   Hkey_classes_root\component   categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}   HKEY_CLASSES_ROOT\ Component   categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}   hkey_classes_root\clsid\{"Your controls GUID "}\implemented   categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}   hkey_classes_root\clsid\{" your Controls GUID "}\implemented   categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}

ReferenceThe Internet client SDK component is developed for secure initialization and scripting for running ActiveX controls

How to mark an MFC ActiveX control as secure, script, and initialize