winforms Web浏览器控件中的JavaScript访问问题
JavaScript access issue in winforms webbrowser control
ETA:我已经完成了,答案发布在下面。我会把任何能准确解释发生了什么以及我如何清理的人作为答案
我有一个类,它包含一个带有winforms Web浏览器控件的表单,用于显示html页面。我将一些脚本注入页面的头部,以便查询有关样式的信息。
当我从可执行文件启动应用程序时,一切都很好。然而,我现在正试图在设计时从外接程序启动该应用程序。结果是右键单击.htm类型的文件,然后单击以启动浏览器。然后,加载项启动浏览器,导航到提供的.htm文件路径。
我注意到的第一件事是浏览器现在显示以下消息:
"为了帮助保护您的安全,您的web浏览器已限制此文件显示可能访问您计算机的活动内容。单击此处查看选项…"
然后我注意到,即使我点击启用活动内容,我所有的javascript调用现在都失败了。
作为测试,我尝试了这个简单的javascript调用(没有显式注入):
Me.Document.InvokeScript("execScript", New Object() {"alert('hello');", "JavaScript"})
这会导致一个javascript错误对话框,显示"访问被拒绝"
所以,这是一个安全问题。我并不是想这样做,但我尝试暂时降低IE中的所有安全级别,但这没有什么不同。
我应该补充一下,该应用程序包含2个网络浏览器控件。第二个是通过设置浏览器的DocumentText属性创建的网页。这不会受到javascript访问问题的影响。
ETA:我一直在调查IInternetSecurityManager,这可能与此有关吗?我希望不会:(
我已经设法让它与IInternetSecurityManager一起工作,IInternetSecurity Manager是由Web浏览器控件的站点返回的服务。我通过在ProcessUrlAction方法中返回Ok而不管url是什么来实现它。
我从互联网上找到的一些片段中抄袭了这篇文章,所以如果有人能指出如何清理并限制在内部网中,我会把它标记为答案。
我想我需要在ProcessUrlAction中检查url,并根据其内容返回Ok或Default。
这是代码:
Friend Class MainBrowser
Inherits WebBrowser
Private _Site As WebBrowserSite
Protected Overrides Function CreateWebBrowserSiteBase() As WebBrowserSiteBase
If _Site Is Nothing Then
_Site = New WebBrowserSite(Me)
End If
Return _Site
End Function
Protected Class WebBrowserSite
Inherits System.Windows.Forms.WebBrowser.WebBrowserSite
Implements NativeInterfaces.IServiceProvider
Implements NativeInterfaces.IInternetSecurityManager
Private Const INET_E_DEFAULT_ACTION As Integer = &H800C0011
Private Const S_OK As Integer = 0
Private Const E_NOINTERFACEX As Integer = &H80004002
Private Shared IID_IInternetSecurityManager As Guid = Marshal.GenerateGuidForType(GetType(NativeInterfaces.IInternetSecurityManager))
Private Owner As MainBrowser
Public Sub New(ByVal owner As MainBrowser)
MyBase.New(owner)
owner = owner
End Sub
Public Function QueryService(ByRef guidService As System.Guid, ByRef riid As System.Guid, ByRef ppvObject As System.IntPtr) As Integer Implements NativeInterfaces.IServiceProvider.QueryService
If guidService = IID_IInternetSecurityManager AndAlso riid = IID_IInternetSecurityManager Then
ppvObject = Marshal.GetComInterfaceForObject(Me, GetType(NativeInterfaces.IInternetSecurityManager))
Return S_OK
End If
ppvObject = IntPtr.Zero
Return E_NOINTERFACEX
End Function
Public Function GetSecurityId(ByVal pwszUrl As String, ByVal pbSecurityId As System.IntPtr, ByRef pcbSecurityId As UInteger, ByRef dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetSecurityId
Return INET_E_DEFAULT_ACTION
End Function
Public Function GetSecuritySite(ByRef pSite As System.IntPtr) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetSecuritySite
pSite = IntPtr.Zero
Return INET_E_DEFAULT_ACTION
End Function
Public Function SetSecuritySite(ByVal pSite As System.IntPtr) As Integer Implements NativeInterfaces.IInternetSecurityManager.SetSecuritySite
Return INET_E_DEFAULT_ACTION
End Function
Public Function MapUrlToZone(ByVal pwszUrl As String, ByRef pdwZone As UInteger, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.MapUrlToZone
pdwZone = 0 // URLZONE_LOCAL_MACHINE ?
Return S_OK // no difference
// Return INET_E_DEFAULT_ACTION
End Function
Public Function ProcessUrlAction(ByVal pwszUrl As String, ByVal dwAction As UInteger, ByVal pPolicy As System.IntPtr, ByVal cbPolicy As UInteger, ByVal pContext As System.IntPtr, ByVal cbContext As UInteger, ByVal dwFlags As UInteger, ByVal dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.ProcessUrlAction
// Return INET_E_DEFAULT_ACTION
Return S_OK // This is what made the difference
End Function
Public Function QueryCustomPolicy(ByVal pwszUrl As String, ByRef guidKey As System.Guid, ByRef ppPolicy As System.IntPtr, ByRef pcbPolicy As UInteger, ByVal pContext As System.IntPtr, ByVal cbContext As UInteger, ByVal dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.QueryCustomPolicy
ppPolicy = IntPtr.Zero
pcbPolicy = 0
Return INET_E_DEFAULT_ACTION
End Function
Public Function SetZoneMapping1(ByVal dwZone As UInteger, ByVal lpszPattern As String, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.SetZoneMapping
Return INET_E_DEFAULT_ACTION
End Function
Public Function GetZoneMappings(ByVal dwZone As UInteger, ByRef ppenumString As System.Runtime.InteropServices.ComTypes.IEnumString, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetZoneMappings
ppenumString = Nothing
Return INET_E_DEFAULT_ACTION
End Function
End Class
End Class
接口:
<ComImport(), InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("6d5140c1-7436-11ce-8034-00aa006009fa")> _
Interface IServiceProvider
<PreserveSig()> _
Function QueryService(ByRef guidService As Guid, ByRef riid As Guid, ByRef ppvObject As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface
<ComImport(), GuidAttribute("79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)> _
Public Interface IInternetSecurityManager
<PreserveSig()> _
Function SetSecuritySite(<[In]()> ByVal pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function GetSecuritySite(ByRef pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function MapUrlToZone(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByRef pdwZone As UInt32, <[In]()> ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function GetSecurityId(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, <Out()> ByVal pbSecurityId As IntPtr, <[In](), Out()> ByRef pcbSecurityId As UInt32, <[In]()> ByRef dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function ProcessUrlAction(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByVal dwAction As UInt32, ByVal pPolicy As IntPtr, ByVal cbPolicy As UInt32, ByVal pContext As IntPtr, ByVal cbContext As UInt32, _
ByVal dwFlags As UInt32, ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function QueryCustomPolicy(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByRef guidKey As Guid, ByRef ppPolicy As IntPtr, ByRef pcbPolicy As UInt32, ByVal pContext As IntPtr, ByVal cbContext As UInt32, _
ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function SetZoneMapping(ByVal dwZone As UInt32, <[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal lpszPattern As String, ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<PreserveSig()> _
Function GetZoneMappings(<[In]()> ByVal dwZone As UInt32, ByRef ppenumString As ComTypes.IEnumString, <[In]()> ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface
相关文章:
- 从JavaScript访问struts操作中的属性
- 通过 javascript 访问类
- 如何使用JavaScript访问HTML链接内容
- 使用javascript访问php变量
- Javascript-访问对象
- 使用Oauth使用Javascript访问Api
- 通过JavaScript访问需要身份验证的页面
- 如何使用javascript访问sails.js模型中的属性
- 用javascript访问数组中的数组
- 从Symfony2中的javascript访问php变量
- 从Middleman中的Javascript访问config.rb
- 如何从javascript访问表单数据
- 创建一个html表单并使用javascript访问中的python脚本
- 使用JavaScript访问Chrome扩展的剪贴板
- 如何从javascript访问sqlite3数据库表值
- 如何从 JavaScript 访问 Sign Applelet 方法
- JavaScript:访问继承子模块中的“封闭”变量
- 使用 FourSquare API 和 javascript 访问场地提示
- 如何从javascript访问MySql数据库的数据
- 如何通过 javascript 访问参数化函数背后的代码
