覆盖IInternetSecurityManager中的GetSecurityId [英] overriding GetSecurityId in IInternetSecurityManager

问题描述

我已经构建了一个可执行文件，启动一个对话框，其中嵌入了IE浏览器active-x控件（C ++）。

I have built an executable which launches a dialog box in which is embedded the IE web browser active-x control (C++).

我希望此控件允许跨站脚本。网页上的一个框架加载本地html，其他从服务器加载。然后我想要服务器页面调用生活在本地html文件中的javascript函数。

I want this control to allow cross site scripting. One frame on the web page loads local html, the other loads from a server. I then want the server page to call a javascript function that lives in the local html file.

我试图实现这个控件实现它自己的IInternetSecurityManager接口，其中我提供我自己的ProcessUrlAction和GetSecurityId方法。

I am trying to achieve this by having the control implement it's own "IInternetSecurityManager" interface in which I am providing my own ProcessUrlAction and GetSecurityId methods.

根据我已经阅读的内容，我需要做的是让GetSecurityId为所有网址返回相同的域。我的自定义实现被调用，但无论我做什么，当服务器html尝试访问本地html文件上的脚本时，我得到Permission denied错误。下面是我的实现。有没有人看到错误？

From what I've read, what I need to do is make GetSecurityId return the same domain for all urls. My custom implementations are getting called, but no matter what I do, I get the "Permission denied" error when the server html tries to access script on the local html file. Below are my implementations. Does anyone see anything wrong?

#define SECURITY_DOMAIN "http:www.mysite.com"


    STDMETHOD (GetSecurityId)(      
    	LPCWSTR pwszUrl,
    	BYTE *pbSecurityId,
    	DWORD *pcbSecurityId,
    	DWORD_PTR dwReserved)
    {
    	if (*pcbSecurityId >=512)
    	{
    		memset(pbSecurityId,0,*pcbSecurityId);
    		strcpy((char*)pbSecurityId,SECURITY_DOMAIN);
    		pbSecurityId[strlen(SECURITY_DOMAIN)] = 3;
    		pbSecurityId[strlen(SECURITY_DOMAIN)+1] = 0;
    		pbSecurityId[strlen(SECURITY_DOMAIN)+2] = 0;
    		pbSecurityId[strlen(SECURITY_DOMAIN)+3] = 0;

    		*pcbSecurityId = (DWORD)strlen(SECURITY_DOMAIN)+4;
    		return S_OK;


    	}
    	return INET_E_DEFAULT_ACTION;
    }

STDMETHOD(ProcessUrlAction)(
        /* [in] */ LPCWSTR pwszUrl,
        /* [in] */ DWORD dwAction,
        /* [size_is][out] */ BYTE __RPC_FAR *pPolicy,
        /* [in] */ DWORD cbPolicy,
        /* [in] */ BYTE __RPC_FAR *pContext,
        /* [in] */ DWORD cbContext,
        /* [in] */ DWORD dwFlags,
        /* [in] */ DWORD dwReserved)
    {

    	DWORD dwPolicy=URLPOLICY_ALLOW;
    	if ( cbPolicy >= sizeof (DWORD))
    	{
    		*(DWORD*) pPolicy = dwPolicy;
    		return S_OK;
    	} 

    	return INET_E_DEFAULT_ACTION;
    }

推荐答案

正常的安全管理器，并看看正常的安全管理器填充的结构，我能够确定我的问题是在GetSecurityId。为了我的目的，我想将安全域设置为所有用户的本地文件。

By delegating these functions to the normal security manager and having a look at the structures the normal security manager fills in, I was able to determine that my issue was in GetSecurityId. For my purposes, I wanted to set the security domain to be a local file for all comers.

#define SECURITY_DOMAIN "file:"

if (*pcbSecurityId >=512)
{
    memset(pbSecurityId,0,*pcbSecurityId);
    strcpy((char*)pbSecurityId,SECURITY_DOMAIN);
    pbSecurityId[strlen(SECURITY_DOMAIN)+1] = 0;
    pbSecurityId[strlen(SECURITY_DOMAIN)+2] = 0;
    pbSecurityId[strlen(SECURITY_DOMAIN)+3] = 0;
    pbSecurityId[strlen(SECURITY_DOMAIN)+4] = 0;

    *pcbSecurityId = (DWORD)strlen(SECURITY_DOMAIN)+4;
}

这篇关于覆盖IInternetSecurityManager中的GetSecurityId的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！