一半來說,ActiveX控件在WEB開發的時候要避免使用,如果實在無法避免,則需要注意幾點:
1. ActiveX發布后一定要代碼簽名
2. 編寫的時候要標記為腳本安全
下面是針對VS2005 ATL工程向導生成的工程,加入“腳本安全”的特性
修改生成的.h文件
#pragma?once
#include?"resource.h"???????//?主符號
#include?"Launch.h"
#include?<vector>
#include?<atlctl.h>
//?CEduTaimentConsole
class?ATL_NO_VTABLE?CEduTaimentConsole?:?
????public?CComObjectRootEx<CComSingleThreadModel>,
????public?CComCoClass<CEduTaimentConsole,?&CLSID_EduTaimentConsole>,
????public?IDispatchImpl<IEduTaimentConsole,?&IID_IEduTaimentConsole,?&LIBID_LaunchLib,?/**//*wMajor?=*/?1,?/**//*wMinor?=*/?0>,
????//?加入IObjectSafetyImpl,實現IObjectSafety
????public?IObjectSafetyImpl<CEduTaimentConsole,?INTERFACESAFE_FOR_UNTRUSTED_CALLER?|?INTERFACESAFE_FOR_UNTRUSTED_DATA>?
{
public:
????CEduTaimentConsole()
????{
????}
DECLARE_REGISTRY_RESOURCEID(IDR_EDUTAIMENTCONSOLE)
BEGIN_COM_MAP(CEduTaimentConsole)
????//?實現安全接口
????COM_INTERFACE_ENTRY(IObjectSafety)
????
????COM_INTERFACE_ENTRY(IEduTaimentConsole)
????COM_INTERFACE_ENTRY(IDispatch)
END_COM_MAP()
//?加入到CATID_SafeForScripting?和?CATID_SafeForInitializing?COM分組
BEGIN_CATEGORY_MAP(CEduTaimentConsole)
????IMPLEMENTED_CATEGORY(CATID_SafeForScripting)
????IMPLEMENTED_CATEGORY(CATID_SafeForInitializing)
END_CATEGORY_MAP()
????DECLARE_PROTECT_FINAL_CONSTRUCT()
????HRESULT?FinalConstruct()
????{
????????return?S_OK;
????}
????
????void?FinalRelease()?
????{
????}
public:
????STDMETHOD(ShowDesktop)(VARIANT_BOOL?vbShow);
????STDMETHOD(EnableCtrlAltDel)(VARIANT_BOOL?vbEnabled);
????STDMETHOD(EnableHotKey)(VARIANT_BOOL?vbEnabled);
????STDMETHOD(ChangeDisplay)(VARIANT_BOOL?vbChange);
????//?加入這2個方法
????STDMETHOD(GetInterfaceSafetyOptions)(REFIID?riid,DWORD?*pdwSupportedOptions,DWORD?*pdwEnabledOptions);
????STDMETHOD(SetInterfaceSafetyOptions)(REFIID?riid,DWORD?dwOptionSetMask,DWORD?dwEnabledOptions);
????static?BOOL?IsDesktopVisible(void);
????static?BOOL?CALLBACK?__EnumWindowsProc(?HWND?hwnd,?LPARAM?lParam);
????static?void?__ShowApplications(BOOL?bShow);
????static?void?__ShowDesktop(BOOL?bShow);
????static?BOOL?__EnableHotKey(BOOL?bEnabled);
????static?void?__EnableCtrlAltDel(BOOL?bEnabled);
};
OBJECT_ENTRY_AUTO(__uuidof(EduTaimentConsole),?CEduTaimentConsole)
修改.cpp文件,加入的2個方法
STDMETHODIMP?CEduTaimentConsole::GetInterfaceSafetyOptions(REFIID?riid,
?????????????????????????????????????DWORD?*pdwSupportedOptions,
?????????????????????????????????????DWORD?*pdwEnabledOptions)
{
????ATLTRACE(_T("CObjectSafetyImpl::GetInterfaceSafetyOptions\n"));
????if?(!pdwSupportedOptions?||?!pdwEnabledOptions)
????????return?E_FAIL;
????LPUNKNOWN?pUnk;
????if?(_InternalQueryInterface?(riid,?(void**)&pUnk)?==?E_NOINTERFACE)?{
????????//?Our?object?doesn't?even?support?this?interface.
????????return?E_NOINTERFACE;
????}else{
????????//?Cleanup?after?ourselves.
????????pUnk->Release();
????????pUnk?=?NULL;
????}
????if?(riid?==?IID_IDispatch)?{
????????//?IDispatch?is?an?interface?used?for?scripting.?If?your
????????//?control?supports?other?IDispatch?or?Dual?interfaces,?you
????????//?may?decide?to?add?them?here?as?well.?Client?wants?to?know
????????//?if?object?is?safe?for?scripting.?Only?indicate?safe?for
????????//?scripting?when?the?interface?is?safe.
????????*pdwSupportedOptions?=?INTERFACESAFE_FOR_UNTRUSTED_CALLER;
????????*pdwEnabledOptions?=?m_dwCurrentSafety?&
????????????INTERFACESAFE_FOR_UNTRUSTED_CALLER;
????????return?S_OK;
????}else?if?((riid?==?IID_IPersistStreamInit)?||
????????(riid?==?IID_IPersistStorage))?{
????????????//?IID_IPersistStreamInit?and?IID_IPersistStorage?are
????????????//?interfaces?used?for?Initialization.?If?your?control
????????????//?supports?other?Persistence?interfaces,?you?may?decide?to
????????????//?add?them?here?as?well.?Client?wants?to?know?if?object?is
????????????//?safe?for?initializing.?Only?indicate?safe?for?initializing
????????????//?when?the?interface?is?safe.
????????????*pdwSupportedOptions?=?INTERFACESAFE_FOR_UNTRUSTED_DATA;
????????????*pdwEnabledOptions?=?m_dwCurrentSafety?&
????????????????INTERFACESAFE_FOR_UNTRUSTED_DATA;
????????????return?S_OK;
????}else{
????????//?We?are?saying?that?no?other?interfaces?in?this?control?are
????????//?safe?for?initializing?or?scripting.
????????*pdwSupportedOptions?=?0;
????????*pdwEnabledOptions?=?0;
????????return?E_FAIL;
????}
}
STDMETHODIMP?CEduTaimentConsole::SetInterfaceSafetyOptions(REFIID?riid,
?????????????????????????????????????DWORD?dwOptionSetMask,
?????????????????????????????????????DWORD?dwEnabledOptions)
{
????ATLTRACE(_T("CObjectSafetyImpl::SetInterfaceSafetyOptions\n"));
????if?(!dwOptionSetMask?&&?!dwEnabledOptions)?return?E_FAIL;
????LPUNKNOWN?pUnk;
????if?(_InternalQueryInterface?(riid,?(void**)&pUnk)?==?E_NOINTERFACE)?{
????????//?Our?object?doesn't?even?support?this?interface.
????????return?E_NOINTERFACE;
????}else{
????????//?Cleanup?after?ourselves.
????????pUnk->Release();
????????pUnk?=?NULL;
????}
????//?Store?our?current?safety?level?to?return?in
????//?GetInterfaceSafetyOptions
????m_dwCurrentSafety?|=?dwEnabledOptions?&?dwOptionSetMask;
????if?((riid?==?IID_IDispatch)?&&
????????(m_dwCurrentSafety?&?INTERFACESAFE_FOR_UNTRUSTED_CALLER))?{
????????????//?Client?wants?us?to?disable?any?functionality?that?would
????????????//?make?the?control?unsafe?for?scripting.?The?same?applies?to
????????????//?any?other?IDispatch?or?Dual?interfaces?your?control?may
????????????//?support.?Because?our?control?is?safe?for?scripting?by
????????????//?default?we?just?return?S_OK.
????????????return?S_OK;
????}else?if?(((riid?==?IID_IPersistStreamInit)?||
????????(riid?==?IID_IPersistStorage))?&&
????????(m_dwCurrentSafety?&?INTERFACESAFE_FOR_UNTRUSTED_DATA))?{
????????????//?Client?wants?us?to?make?the?control?safe?for?initializing
????????????//?from?persistent?data.?For?these?interfaces,?this?control
????????????//?is?safe?so?we?return?S_OK.?For?Any?interfaces?that?are?not
????????????//?safe,?we?would?return?E_FAIL.
????????????return?S_OK;
????}else{
????????//?This?control?doesn't?allow?Initialization?or?Scripting
????????//?from?any?other?interfaces?so?return?E_FAIL.
????????return?E_FAIL;
????}
}