I created an executable file that launches a dialog box into which the IE (C ++) Active-x control is embedded.
I want this control to allow scripting on different sites. One frame on the web page loads local html, others are loaded from the server. Then I want the server page to call a javascript function that lives in a local html file.
I am trying to achieve this, having control over the empire, my own interface "IInternetSecurityManager", in which I provide my own methods ProcessUrlAction and GetSecurityId.
From what I read, I need to make GetSecurityId return the same domain for all URLs. My custom implementations are invoked, but no matter what I do, I get a "Failure Resolution" error message when the html server tries to access the script in a local html file. Below are my implementations. Does anyone see something wrong?
#define SECURITY_DOMAIN "http:www.mysite.com" STDMETHOD (GetSecurityId)( LPCWSTR pwszUrl, BYTE *pbSecurityId, DWORD *pcbSecurityId, DWORD_PTR dwReserved) { if (*pcbSecurityId >=512) { memset(pbSecurityId,0,*pcbSecurityId); strcpy((char*)pbSecurityId,SECURITY_DOMAIN); pbSecurityId[strlen(SECURITY_DOMAIN)] = 3; pbSecurityId[strlen(SECURITY_DOMAIN)+1] = 0; pbSecurityId[strlen(SECURITY_DOMAIN)+2] = 0; pbSecurityId[strlen(SECURITY_DOMAIN)+3] = 0; *pcbSecurityId = (DWORD)strlen(SECURITY_DOMAIN)+4; return S_OK; } return INET_E_DEFAULT_ACTION; } STDMETHOD(ProcessUrlAction)( /* [in] */ LPCWSTR pwszUrl, /* [in] */ DWORD dwAction, /* [size_is][out] */ BYTE __RPC_FAR *pPolicy, /* [in] */ DWORD cbPolicy, /* [in] */ BYTE __RPC_FAR *pContext, /* [in] */ DWORD cbContext, /* [in] */ DWORD dwFlags, /* [in] */ DWORD dwReserved) { DWORD dwPolicy=URLPOLICY_ALLOW; if ( cbPolicy >= sizeof (DWORD)) { *(DWORD*) pPolicy = dwPolicy; return S_OK; } return INET_E_DEFAULT_ACTION; }
c ++ security internet-explorer xss webbrowser-control
Dan g
source share