none
Security WebBrowser RRS feed

  • Question

  • Hi,
    First, sorry for my English.
    I designed an application using a Webbrowser control and for security reasons I would like to disable the execution of Active X code in it. Does someone can tell me how do it

    Thank you
    Friday, March 28, 2008 5:45 AM

Answers

  •  Hikrab wrote:

    I designed an application using a Webbrowser control and for security reasons I would like to disable the execution of Active X code in it. Does someone can tell me how do it

     

    Hi Hikrab,

     

    To Internet Explorer, we can disable ActiveX control like this:

     

    Please check this document: Activating ActiveX Controls

    http://msdn2.microsoft.com/en-us/library/ms537508.aspx#weboc

    WebBrowser Control Impact section

    By default, custom applications hosting the WebBrowser Control do not block interactive ActiveX controls loaded by the APPLET, EMBED, or OBJECT elements.

    To match the behavior of Internet Explorer in your application,

    1. add the DOCHOSTUIFLAG_ENABLE_ACTIVEX_INACTIVATE_MODE flag to the dwFlags parameter of your DOCHOSTUIINFO structure.

    2. You can also enable interactive control blocking by adding your application's process name to the registry key.

     

     

    Other references:

    ActiveX controls and plug-ins

    Implementing a PopUp blocker into a WebBrowser

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2983280&SiteID=1

     

    Securing Your Web Browser

    http://www.cert.org/tech_tips/securing_browser/

     

     

    Regards,

    Martin

    Wednesday, April 2, 2008 8:41 AM

All replies

  •  Hikrab wrote:

    I designed an application using a Webbrowser control and for security reasons I would like to disable the execution of Active X code in it. Does someone can tell me how do it

     

    Hi Hikrab,

     

    To Internet Explorer, we can disable ActiveX control like this:

     

    Please check this document: Activating ActiveX Controls

    http://msdn2.microsoft.com/en-us/library/ms537508.aspx#weboc

    WebBrowser Control Impact section

    By default, custom applications hosting the WebBrowser Control do not block interactive ActiveX controls loaded by the APPLET, EMBED, or OBJECT elements.

    To match the behavior of Internet Explorer in your application,

    1. add the DOCHOSTUIFLAG_ENABLE_ACTIVEX_INACTIVATE_MODE flag to the dwFlags parameter of your DOCHOSTUIINFO structure.

    2. You can also enable interactive control blocking by adding your application's process name to the registry key.

     

     

    Other references:

    ActiveX controls and plug-ins

    Implementing a PopUp blocker into a WebBrowser

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2983280&SiteID=1

     

    Securing Your Web Browser

    http://www.cert.org/tech_tips/securing_browser/

     

     

    Regards,

    Martin

    Wednesday, April 2, 2008 8:41 AM
  • Thanks Martin for your help.
    But I don't know how to do DOCHOSTUIINFO in vb. can you tell me how?
    Thursday, April 3, 2008 4:05 AM
  •  Martin Xie - MSFT wrote:

    To match the behavior of Internet Explorer in your application,

    1. add the DOCHOSTUIFLAG_ENABLE_ACTIVEX_INACTIVATE_MODE flag to the dwFlags parameter of your DOCHOSTUIINFO structure.

     

    Hi Hikrab,

     

    Here is DOCHOSTUIINFO Structure in C++

    http://msdn2.microsoft.com/en-us/library/aa770044(VS.85).aspx

    Code Snippet

    typedef struct _DOCHOSTUIINFO {

        ULONG cbSize;

        DWORD dwFlags;

        DWORD dwDoubleClick;

        OLECHAR *pchHostCss;

        OLECHAR *pchHostNS;

    } DOCHOSTUIINFO;

     

    The Equivalent DOCHOSTUIINFO structure in VB.NET

    Code Snippet

    Public Structure DOCHOSTUIINFO

      Public cbSize As UInteger

      Public dwFlags As UInteger

      Public dwDoubleClick As UInteger

      Public pchHostCss As UInteger

      Public pchHostNS As UInteger

    End Structure

     

    Add the DOCHOSTUIFLAG_ENABLE_ACTIVEX_INACTIVATE_MODE flag to the dwFlags parameter of the DOCHOSTUIINFO structure in GetHostInfo()

    Code Snippet

    Public Sub GetHostInfo(ByRef theHostUIInfo As MsHtmlCustomization.DOCHOSTUIINFO)

      'turn the flags on

      theHostUIInfo.dwFlags = theHostUIInfo.dwFlags Or DOCHOSTUIFLAG_ENABLE_ACTIVEX_INACTIVATE_MODE

    End Sub

     

    Please check this thread and document for detail:

    Thread: http://bytes.com/forum/thread47988.html

    Document: http://www.codeproject.com/KB/books/0764549146_8.aspx

     

     

    By the way, here are two helpful tools:

    1. Instant VB: C# to VB converter

    The tool can convert entire C# project to corresponding VB.NET project, also can convert code snippet.

    2. Convert C# code to VB.NET code by means of this Code Translator tool.

       C# and VB.Net are essentially identical.

    Thursday, April 3, 2008 10:59 AM