当 UseSafeSubset 为 true 时,我不能使用什么? [英] What can't I use when UseSafeSubset is true?
问题描述
当我在 VB6 中使用 MSScriptControl 并设置 UseSafeSubset = True 时,我不能做什么?我的意思是,我不能使用哪些控件?或者某些核心对象无法实例化或使用?也许我不能 CRUD 文件?我需要一份明确的清单.
When I use an MSScriptControl in VB6, and set UseSafeSubset = True, what kind of things can't I do? I mean, what Controls can't I use? Or maybe some core Objects can't be instantiated or used? Maybe I can't CRUD files? I need a definitive list, please.
这个线程告诉注册表中的一个特殊标志,用于设置 UseSafeSubset = True 时阻止哪些控件,但它没有详细说明.上面说应该很容易搜索,但是谷歌搜索了两天什么也没找到.
This thread tells of a special flag in the registry that sets which controls are blocked when UseSafeSubset = True, but it doesn't elaborate on it. It says it should be easy to search, but two days of Googling found nothing.
推荐答案
VBScript 从 VBA 中删除了所有不安全的命令.所以没有文件或注册表访问权限.只有 CreateObject/GetObject 可以影响系统.
VBScript had all unsafe commands from VBA removed. So no file or registry access. Only CreateObject/GetObject can affect the system.
来自帮助(C:\Windows\System32 中的 MsScript.hlp)
From Help (MsScript.hlp in C:\Windows\System32)
备注
正在使用的脚本引擎确定是否以及何时设置 UseSafeSubset 属性.如果未指定语言(语言属性),则可以随时设置 UseSafeSubset.
The scripting engine in use determines if, and when, the UseSafeSubset property is set. If no language is specified (Language property), the UseSafeSubset can be set at any time.
UseSafeSubset 为 True 时无法使用的对象和过程与浏览器最高安全设置限制的对象和过程相同.
The objects and procedures that can't be used when UseSafeSubset is True are identical to those restricted by the browser's highest security setting.
浏览器使用这个(和 IOleSafety).来自 MSDN 2001 年 10 月
The Browser uses this (and IOleSafety). From MSDN Oct 2001
如前所述,Internet Explorer 会检查系统注册表以确定控件对于初始化和/或脚本编写是否安全.Internet Explorer 通过调用 ICatInformation::IsClassOfCategories 方法来检查注册表,以确定控件是否支持给定的类别(初始化安全或脚本安全).
As mentioned previously, Internet Explorer examines the system registry to determine whether a control is safe for initialization and/or scripting. Internet Explorer examines the registry by calling the ICatInformation::IsClassOfCategories method to determine if the control supports the given category (safe for initializing or safe for scripting).
如果控件使用组件类别管理器将自身注册为安全的,则该控件的注册表项包含一个已实现的类别项,其中包含一个或两个子项.如果控件支持安全初始化,则设置一个子项,如果控件支持安全脚本,则设置另一个子项.安全初始化子项对应CATID_SafeForInitializing;安全脚本子项对应于 CATID_SafeForScripting.(与 Comcat.h 文件中定义的组件类别的其他子项不同,安全初始化和脚本编写的子项在 Objsafe.h 中定义.)
If a control uses the Component Categories Manager to register itself as being safe, the registry entry for that control contains an Implemented Categories key, which contains one or two subkeys. One subkey is set if the control supports safe initialization, and the other subkey is set if the control supports safe scripting. The safe initialization subkey corresponds to CATID_SafeForInitializing; the safe scripting subkey corresponds to CATID_SafeForScripting. (Unlike the other subkeys for the component categories that are defined in the Comcat.h file, the subkeys for safe initialization and scripting are defined in Objsafe.h.)
请参阅 URL 安全区域了解限制内容 这是高模板(又名限制区域)
See URL Security Zones for what is restricted This is the High Template (aka Restricted Zone)
URL action URL policy
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY URLPOLICY_DISALLOW
URLACTION_ACTIVEX_RUN URLPOLICY_DISALLOW
URLACTION_CHANNEL_SOFTDIST_PERMISSIONS URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT
URLACTION_COOKIES URLPOLICY_DISALLOW
URLACTION_COOKIES_SESSION URLPOLICY_DISALLOW
URLACTION_CREDENTIALS_USE URLPOLICY_CREDENTIALS_MUST_PROMPT_USER
URLACTION_CROSS_DOMAIN_DATA URLPOLICY_DISALLOW
URLACTION_DOWNLOAD_SIGNED_ACTIVEX URLPOLICY_DISALLOW
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX URLPOLICY_DISALLOW
URLACTION_HTML_FONT_DOWNLOAD URLPOLICY_QUERY
URLACTION_HTML_SUBFRAME_NAVIGATE URLPOLICY_DISALLOW
URLACTION_HTML_SUBMIT_FORMS URLPOLICY_QUERY
URLACTION_HTML_USERDATA_SAVE URLPOLICY_DISALLOW
URLACTION_JAVA_PERMISSIONS URLPOLICY_JAVA_HIGH
URLACTION_SCRIPT_JAVA_USE URLPOLICY_DISALLOW
URLACTION_SCRIPT_PASTE URLPOLICY_DISALLOW
URLACTION_SCRIPT_RUN URLPOLICY_ALLOW
URLACTION_SCRIPT_SAFE_ACTIVEX URLPOLICY_DISALLOW
URLACTION_SHELL_FILE_DOWNLOAD URLPOLICY_DISALLOW
URLACTION_SHELL_INSTALL_DTITEMS URLPOLICY_DISALLOW
URLACTION_SHELL_MOVE_OR_COPY URLPOLICY_QUERY
URLACTION_SHELL_VERB URLPOLICY_DISALLOW
这篇关于当 UseSafeSubset 为 true 时,我不能使用什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
