Using IObjectSafety to mark the security of an ATL control initialization

MSDN original. Here I use the code in the BHO inside, run debugging no problem. Share it with me, please.

Profile You can use the default implementation of IObjectSafetyImpl to mark controls as safe to execute scripts. In many cases, you need to mark the control as safe to initialize.

Note: If it is really safe just label it as safe to execute the script or initialize the control. If the control is potentially unsafe and is marked as safe to perform, you may be liable for damage. See the Reference Resources section below for more information. Back to the top |  Provide feedback more informationThe steps required to obtain the required functionality involve using IObjectSafetyImpl as a class from a derived control and overriding GetInterfaceSafetyOptions and SetInterfaceSafetyOptions. This allows you to implement the required functionality, in which case it means that the script and initialization controls are marked as safe to execute.

to use IObjectSafetyImpl, you need to add it to the list of classes that your control derives from. For example, in the Polygon tutorial, you see the following:

Class Atl_no_vtable CPolyCtl: ... public iobjectsafetyimpl<cpolyctl>//ATL's version of      Iobjectsafety{public:begin_com_map (CPolyCtl) ... Com_interface_entry_impl (IObjectSafety)//Tie IObjectSafety//to this COM m AP End_com_map () Stdmethod (getinterfacesafetyoptions) (REFIID riid, DWORD *pdwsupportedop tions, DWORD *pdwenabledoptions) {atltrace (_t ("Cobjectsafetyimpl::getinterfacesafetyoption S\n ")); if (!pdwsupportedoptions | |!pdwenabledoptions) return E_FAIL; Lpunknown punk;if (_internalqueryinterface (riid, (void**) &punk) = = E_nointerface) {//Our object doesn ' t even supp   Ort this interface. return e_nointerface;}   else{//Cleanup after ourselves.   Punk->release (); PUnk = NULL;} if (riid = = IID_IDispatch) {//IDispatch is a interface used for scripting. If your//control supports other IDispatch or Dual interfaces, you/decide to add them here as well. Client wants to know//if object was safe for scripting.   Only indicate safe for//scripting if the interface is safe.   *pdwsupportedoptions = Interfacesafe_for_untrusted_caller;   *pdwenabledoptions = m_dwsafety & Interfacesafe_for_untrusted_caller; return S_OK;}          else if ((riid = = Iid_ipersiststreaminit) | | (riid = = iid_ipersiststorage)) {//Iid_ipersiststreaminit and Iid_ipersiststorage is//interfaces used for initialization. If your control//supports other persistence interfaces, your may decide to//add them here as well. Client wants to know if object are//safe for initializing.   Only indicate safe for initializing//When the interface is safe.   *pdwsupportedoptions = Interfacesafe_for_untrusted_data;   *pdwenabledoptions = m_dwsafety & interfacesafe_for_untrusted_data; return S_OK;} else{//We are saying this no other interfaces in this control is//safe for initializing or scripting.   *pdwsupportedoptions = 0;   *pdwenabledoptions = 0; return E_FAIL;}}                                  STDMETHOD (setinterfacesafetyoptions) (REFIID riid, DWORD Dwoptionsetmask, DWORD dwenabledoptions) {atltrace (_t ("cobjectsafetyimpl::setinterfacesafetyoptions\n")); if (!dwoptionsetma SK &&!dwenabledoptions) return e_fail; Lpunknown punk;if (_internalqueryinterface (riid, (void**) &punk) = = E_nointerface) {//Our object doesn ' t even supp   Ort this interface. return e_nointerface;}   else{//Cleanup after ourselves.   Punk->release (); PUnk = NULL;} Store safety level to return in//getinterfacesafetyoptionsm_dwsafety |= dwenabledoptions & Dwoptionset Mask;if ((riid = = IID_IDispatch) && (M_dwsafety & Interfacesafe_for_untrusted_caller)) {//Client wants us to disable any functionality this would//make the control unsafe for scripting. TheSame applies to//all other IDispatch or Dual interfaces your control *//support.   Because our control are safe for scripting by//default we just return S_OK. return S_OK;}           else if (((riid = = Iid_ipersiststreaminit) | | (riid = = iid_ipersiststorage)) && (M_dwsafety & Interfacesafe_for_untrusted_data)) {//Client wants us to make the control safe f or initializing//from persistent data. For these interfaces, the this control//are safe so we return S_OK.   For any interfaces that is not/safe, we would return E_FAIL. return S_OK;}   else{//This control doesn ' t allow initialization or Scripting//from any other interfaces so return E_FAIL. return E_FAIL;}} ...}

in ATL 3.0, the implementation of IObjectSafetyImpl has changed so that it can be used as a template parameter now to provide security options. For example, the class declaration above will appear as

Class atl_no_vtable CPolyCtl:   ... Public iobjectsafetyimpl<cpolyctl,      Interfacesafe_for_untrusted_caller |         Interfacesafe_for_untrusted_data>{public:   begin_com_map (CPolyCtl) ...

and you do not need to rewrite two methods. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 192093PRB: Compiler error when porting to ATL 3.0 IObjectSafetyImplReferenceFor additional information about ActiveX controls that are marked as safe for scripting and initialization, see the following articles in the Microsoft Knowledge Base:161873How to initialize MFC controls with markup for scripting security164119 Example: Implementing IObjectSafety in an ActiveX control

Using IObjectSafety to mark the security of an ATL control initialization