We have a Windows Forms application that hosts a web application from http://localhost (on the port selected at runtime) in a WebBrowser control, which basically works fine. Inside the webapp there is a βhelpβ link that appears in a new window, and we deal with this by listening to the NewWindow event and displaying the help URL in another WebBrowser control in a different form / window, this also basically works fine.
The problem is that the html help files generate script errors that cause annoying pop-up error messages. When viewed in a browser (confirmed with IE, Chrome, and Firefox), dev tools display script errors, but browsers suppress them by default (without annoying pop-ups). Thus, in order to suppress errors when using the WebBrowser control, we followed the approach from <Disable JavaScript error in the WebBrowser control
Side note: top approach to using webBrowser.ScriptErrorsSuppressed = true; actually suppresses all the pop-ups that we would prefer not to do, so we went with a second response to receiving an error handler:
void FooWebBrowser_Navigated(object sender, WebBrowserNavigatedEventArgs e) { SuppressErrorDialogs(sender); } void FooWebBrowser_FileDownload(object sender, EventArgs e) { SuppressErrorDialogs(sender); } private void SuppressErrorDialogs(object sender) { WebBrowser webBrowser = sender as WebBrowser; if(null == webBrowser) { return; } HtmlDocument document = webBrowser.Document; if(null == document) { return; } HtmlWindow window = document.Window; if(null == window) { return; } window.Error += (o, args) => args.Handled = true; }
The recipient of the .Document property in SuppressErrorDialogs does not work as follows:
System.UnauthorizedAccessException was unhandled by user code Message=Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Source=System.Windows.Forms StackTrace: at System.Windows.Forms.UnsafeNativeMethods.IHTMLLocation.GetHref() at System.Windows.Forms.WebBrowser.get_Document() at FSG.Process.Offline.FocusWebBrowser.SuppressErrorDialogs(Object sender) in C:\CoreFocus360\Technology\Process\Main\Assemblies\FSG.Process.Offline\FocusWebBrowser.cs:line 55 at FSG.Process.Offline.FocusWebBrowser.FocusWebBrowser_Navigated(Object sender, WebBrowserNavigatedEventArgs e) in C:\CoreFocus360\Technology\Process\Main\Assemblies\FSG.Process.Offline\FocusWebBrowser.cs:line 40 at System.Windows.Forms.WebBrowser.OnNavigated(WebBrowserNavigatedEventArgs e) at System.Windows.Forms.WebBrowser.WebBrowserEvent.NavigateComplete2(Object pDisp, Object& urlObject) InnerException:
Thus, the error was raised from IHTMLLocation.GetHref() . We spent some time researching WebPermission (s), which was in effect at the time of the call, before realizing that this error was not chosen by our own .Net security model - it comes from the main IE browser.
All the URLs of our web application (including help files) are located on the local host, so this error is really not expected, i.e. we do not expect the launch of defense against attacks on cross-site scripts.
==== UPDATE ====
This seems to be related to the security of gateway scripts. I could not solve this problem with the code above, but there was an alternative solution to the original problem (script error suppression), see Override IOleCommandTarget to suppress script error