|
|
You're in the
asp.net building controls
group:Non-visual C# objects on a webpage are not marked as "safe for scr
asp.net building controls:
I'm developing .NET components in C# which are used as ActiveX-style controls on web pages that are displayed inside a custom browser which is based on the IE web browser control. On 3 of about 100 PCs that the controls have been tried on, the browser produces the following error message: An ActiveX control on this page is not safe. Your current security settings prohibit running unsafe controls on this page. As a result, this page may not display as intended. I believe this is the "not safe for scripting" error. According to what I've read, we shouldn't be seeing this error because the object tag which puts the C# control on the page references a URL in the CLASSID attribute; supposedly this type of reference automatically marks the object as safe for scripting. However, neither adding a 'mayscript="true"' attribute to the object tag nor implementing IObjectSafety eliminates the problem. The problem only plagues non-visual controls, i.e., C# objects which do not inherit from System.Windows.Forms.Control. The only step required to alleviate the problem is to inherit from System.Windows.Forms.Control or one of its derivatives. However, inheriting from System.ComponentModel.Component does not eliminate the error message. Is this the expected behavior? Is there another workaround which would allow me to put non-visual, non-Control-derived C# classes on the web page? I'm using v1.1 SP1 of the Framework.
[quoted text, click to view]
"Nicholas Paldino [.NET/C# MVP]" wrote: Nicholas,> lwickland, > > I would try and define the IObjectSafety interface on your objects. You > would have to define it first, but that should be a trivial matter. Thanks for replying. As I noted in my original post, I have tried implementing IObjectSafety to no avail. I stuck MessageBox.Show()s in the methods implementing IObjectSafety to ensure that I had implemented it correctly. On a PC that didn't display the "safe for scripting" error, the MessageBox.Show()s were displayed as expected when the javascript on the web page referenced the C# object. On a PC that did display the "safe for scripting" error, the MessageBoxes weren't displayed, indicating to me that the web page wasn't recognizing that the object implemented IObjectSafety. Do you have any further suggestions? We haven't been able to find any pattern to the PCs that the problem has appeared on; we've seen the issue on both Windows 2000 and Windows XP. Thanks, Leif Wickland
lwickland,
I would try and define the IObjectSafety interface on your objects. You would have to define it first, but that should be a trivial matter. Hope this helps. -- - Nicholas Paldino [.NET/C# MVP] - mvp@spam.guard.caspershouse.com [quoted text, click to view] "lwickland" <lwickland@discussions.microsoft.com> wrote in message news:196A671B-E791-4795-A6B7-D7C6E27413AC@microsoft.com... > Non-visual C# objects on a webpage are not marked as "safe for scripting" > > I'm developing .NET components in C# which are used as ActiveX-style > controls on web pages that are displayed inside a custom browser which is > based on the IE web browser control. On 3 of about 100 PCs that the > controls > have been tried on, the browser produces the following error message: > > An ActiveX control on this page is not safe. > Your current security settings prohibit running unsafe controls on this > page. > As a result, this page may not display as intended. > > I believe this is the "not safe for scripting" error. According to what > I've read, we shouldn't be seeing this error because the object tag which > puts the C# control on the page references a URL in the CLASSID attribute; > supposedly this type of reference automatically marks the object as safe > for > scripting. However, neither adding a 'mayscript="true"' attribute to the > object tag nor implementing IObjectSafety eliminates the problem. > > The problem only plagues non-visual controls, i.e., C# objects which do > not > inherit from System.Windows.Forms.Control. The only step required to > alleviate the problem is to inherit from System.Windows.Forms.Control or > one > of its derivatives. However, inheriting from > System.ComponentModel.Component > does not eliminate the error message. > > Is this the expected behavior? Is there another workaround which would > allow me to put non-visual, non-Control-derived C# classes on the web > page? > > I'm using v1.1 SP1 of the Framework. >
Hi,
[quoted text, click to view] > As I noted in my original post, I have tried implementing IObjectSafety to > no avail. > IObjectSafety & friends /// <summary> /// See Internet SDK, IObjectSafety. /// </summary> [Flags] public enum ObjectSafetyFlags : int { /// <summary> /// Caller of interface may be untrusted /// </summary> INTERFACESAFE_FOR_UNTRUSTED_CALLER = 1, /// <summary> /// Data passed into interface may be untrusted /// </summary> INTERFACESAFE_FOR_UNTRUSTED_DATA = 2, /// <summary> /// Object knows to use IDispatchEx. /// </summary> INTERFACE_USES_DISPEX = 4, /// <summary> /// Objects knows to use IInternetHostSecurityManager. /// </summary> INTERFACE_USES_SECURITY_MANAGER = 8, /// <summary> /// Flags combination. /// </summary> SafeForScripting = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA } /// <summary> /// See Internet SDK, IObjectSafety. /// </summary> [ComVisible(true)] [ComImport] [Guid("CB5BDC81-93C1-11cf-8F20-00805F2CD064")] [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IObjectSafety { void GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions); void SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions); } Implementation: [ComVisible(true)] [Guid("773ecc45-670f-45d0-8780-2ab71c654a21")] public class MyUserControl : UserControl, IObjectSafety { ... public void GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions) { supportedOptions = enabledOptions = (int) ObjectSafetyFlags.SafeForScripting; } public void SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions) { } .... } bye
Hi, [quoted text, click to view] > As I noted in my original post, I have tried implementing IObjectSafety to > no avail. IObjectSafety & friends /// <summary> /// See Internet SDK, IObjectSafety. /// </summary> [Flags] public enum ObjectSafetyFlags : int { /// <summary> /// Caller of interface may be untrusted /// </summary> INTERFACESAFE_FOR_UNTRUSTED_CALLER = 1, /// <summary> /// Data passed into interface may be untrusted /// </summary> INTERFACESAFE_FOR_UNTRUSTED_DATA = 2, /// <summary> /// Object knows to use IDispatchEx. /// </summary> INTERFACE_USES_DISPEX = 4, /// <summary> /// Objects knows to use IInternetHostSecurityManager. /// </summary> INTERFACE_USES_SECURITY_MANAGER = 8, /// <summary> /// Flags combination. /// </summary> SafeForScripting = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA } /// <summary> /// See Internet SDK, IObjectSafety. /// </summary> [ComVisible(true)] [ComImport] [Guid("CB5BDC81-93C1-11cf-8F20-00805F2CD064")] [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] public interface IObjectSafety { void GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions); void SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions); } Implementation: [ComVisible(true)] [Guid("773ecc45-670f-45d0-8780-2ab71c654a21")] public class MyUserControl : UserControl, IObjectSafety { ... public void GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions) { supportedOptions = enabledOptions = (int) ObjectSafetyFlags.SafeForScripting; } public void SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions) { } .... } bye Rob --------------- Posted using Community Server NewsReader, Alpha
Hi,
Can someone show me how to implement the IObjectSafety (or any other MS defined) interface using C#? I am new to .NET and apparently I am missing something. Everything I've tried does not work. Jeff Finz [quoted text, click to view] "Nicholas Paldino [.NET/C# MVP]" wrote:
> lwickland, > > I would try and define the IObjectSafety interface on your objects. You > would have to define it first, but that should be a trivial matter. > > Hope this helps. > > > -- > - Nicholas Paldino [.NET/C# MVP] > - mvp@spam.guard.caspershouse.com > > "lwickland" <lwickland@discussions.microsoft.com> wrote in message > news:196A671B-E791-4795-A6B7-D7C6E27413AC@microsoft.com... > > Non-visual C# objects on a webpage are not marked as "safe for scripting" > > > > I'm developing .NET components in C# which are used as ActiveX-style > > controls on web pages that are displayed inside a custom browser which is > > based on the IE web browser control. On 3 of about 100 PCs that the > > controls > > have been tried on, the browser produces the following error message: > > > > An ActiveX control on this page is not safe. > > Your current security settings prohibit running unsafe controls on this > > page. > > As a result, this page may not display as intended. > > > > I believe this is the "not safe for scripting" error. According to what > > I've read, we shouldn't be seeing this error because the object tag which > > puts the C# control on the page references a URL in the CLASSID attribute; > > supposedly this type of reference automatically marks the object as safe > > for > > scripting. However, neither adding a 'mayscript="true"' attribute to the > > object tag nor implementing IObjectSafety eliminates the problem. > > > > The problem only plagues non-visual controls, i.e., C# objects which do > > not > > inherit from System.Windows.Forms.Control. The only step required to > > alleviate the problem is to inherit from System.Windows.Forms.Control or > > one > > of its derivatives. However, inheriting from > > System.ComponentModel.Component > > does not eliminate the error message. > > > > Is this the expected behavior? Is there another workaround which would > > allow me to put non-visual, non-Control-derived C# classes on the web > > page? > > > > I'm using v1.1 SP1 of the Framework. > > > >
[quoted text, click to view]
> > As I noted in my original post, I have tried implementing > IObjectSafety to > > no avail. > > IObjectSafety & friends > ... I tried implementing IObjectSafety as you've listed it here and I saw the same "not safe for scripting" error. It's worth mentioning that my class wasn't derived from Control or UserControl as yours was. Thanks for the suggestion.
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |