覆盖IInternetSecurityManager中的GetSecurityId [英] overriding GetSecurityId in IInternetSecurityManager
问题描述
我已经构建了一个可执行文件,启动一个对话框,其中嵌入了IE浏览器active-x控件(C ++)。
I have built an executable which launches a dialog box in which is embedded the IE web browser active-x control (C++).
我希望此控件允许跨站脚本。网页上的一个框架加载本地html,其他从服务器加载。然后我想要服务器页面调用生活在本地html文件中的javascript函数。
I want this control to allow cross site scripting. One frame on the web page loads local html, the other loads from a server. I then want the server page to call a javascript function that lives in the local html file.
我试图实现这个控件实现它自己的IInternetSecurityManager接口,其中我提供我自己的ProcessUrlAction和GetSecurityId方法。
I am trying to achieve this by having the control implement it's own "IInternetSecurityManager" interface in which I am providing my own ProcessUrlAction and GetSecurityId methods.
根据我已经阅读的内容,我需要做的是让GetSecurityId为所有网址返回相同的域。我的自定义实现被调用,但无论我做什么,当服务器html尝试访问本地html文件上的脚本时,我得到Permission denied错误。下面是我的实现。有没有人看到错误?
From what I've read, what I need to do is make GetSecurityId return the same domain for all urls. My custom implementations are getting called, but no matter what I do, I get the "Permission denied" error when the server html tries to access script on the local html file. Below are my implementations. Does anyone see anything wrong?
#define SECURITY_DOMAIN "http:www.mysite.com"
STDMETHOD (GetSecurityId)(
LPCWSTR pwszUrl,
BYTE *pbSecurityId,
DWORD *pcbSecurityId,
DWORD_PTR dwReserved)
{
if (*pcbSecurityId >=512)
{
memset(pbSecurityId,0,*pcbSecurityId);
strcpy((char*)pbSecurityId,SECURITY_DOMAIN);
pbSecurityId[strlen(SECURITY_DOMAIN)] = 3;
pbSecurityId[strlen(SECURITY_DOMAIN)+1] = 0;
pbSecurityId[strlen(SECURITY_DOMAIN)+2] = 0;
pbSecurityId[strlen(SECURITY_DOMAIN)+3] = 0;
*pcbSecurityId = (DWORD)strlen(SECURITY_DOMAIN)+4;
return S_OK;
}
return INET_E_DEFAULT_ACTION;
}
STDMETHOD(ProcessUrlAction)(
/* [in] */ LPCWSTR pwszUrl,
/* [in] */ DWORD dwAction,
/* [size_is][out] */ BYTE __RPC_FAR *pPolicy,
/* [in] */ DWORD cbPolicy,
/* [in] */ BYTE __RPC_FAR *pContext,
/* [in] */ DWORD cbContext,
/* [in] */ DWORD dwFlags,
/* [in] */ DWORD dwReserved)
{
DWORD dwPolicy=URLPOLICY_ALLOW;
if ( cbPolicy >= sizeof (DWORD))
{
*(DWORD*) pPolicy = dwPolicy;
return S_OK;
}
return INET_E_DEFAULT_ACTION;
}
推荐答案
正常的安全管理器,并看看正常的安全管理器填充的结构,我能够确定我的问题是在GetSecurityId。为了我的目的,我想将安全域设置为所有用户的本地文件。
By delegating these functions to the normal security manager and having a look at the structures the normal security manager fills in, I was able to determine that my issue was in GetSecurityId. For my purposes, I wanted to set the security domain to be a local file for all comers.
#define SECURITY_DOMAIN "file:"
if (*pcbSecurityId >=512)
{
memset(pbSecurityId,0,*pcbSecurityId);
strcpy((char*)pbSecurityId,SECURITY_DOMAIN);
pbSecurityId[strlen(SECURITY_DOMAIN)+1] = 0;
pbSecurityId[strlen(SECURITY_DOMAIN)+2] = 0;
pbSecurityId[strlen(SECURITY_DOMAIN)+3] = 0;
pbSecurityId[strlen(SECURITY_DOMAIN)+4] = 0;
*pcbSecurityId = (DWORD)strlen(SECURITY_DOMAIN)+4;
}
这篇关于覆盖IInternetSecurityManager中的GetSecurityId的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!