js调用activex添加的安全代码

1、js 调用 activex 添加的安全代码实战 1 ：在 OCXCtl.h 中添加 #include comcat.h#include <objsafe.h>在 OCXCtl.cpp 中添加/ 安全否则 JSP 无法调用 /HRESULT CreateComponentCategory(CATID catid,WCHAR* catDescription)ICatRegister* pcr= NULL;HRESULT hr = S_OK;hr =CoCreateInstance(CLSID_StdComponentCategoriesMgr,NULL,CLSCTX_INPROC_SE

2、RVER,IID_ICatRegister,(void* )&pcr);if(FAILED(hr)return hr;CATEGORYINFO catinfo;catinfo.catid = catid;catinfo.lcid = 0x0409;int len = wcslen(catDescription);if(len>127)len = 127;wcsncpy(catinfo.szDescription,catDescription,len);catinfo.szDescriptionlen=0;hr = pcr->RegisterCategories(1,&

3、;catinfo);pcr->Release();return hr;HRESULT RegisterCLSIDInCategory(REFCLSID clsid,CATID catid) ICatRegister* pcr = NULL;HRESULT hr = S_OK;hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, NULL,CLSCTX_INPROC_SERVER,IID_ICatRegister,(void* )&pcr);if(SUCCEEDED(hr)CATID rgcatid1; rgcatid0 =

4、catid;hr = pcr->RegisterClassImplCategories(clsid,1,rgcatid);if(pcr!= NULL)pcr->Release();return hr;HRESULT UnRegisterCLSIDInCategory(REFCLSID clsid,CATID catid)ICatRegister* pcr = NULL;HRESULT hr = S_OK;hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, NULL,CLSCTX_INPROC_SERVER,IID_ICatR

5、egister,(void* )&pcr);if(SUCCEEDED(hr)CATID rgcatid1;rgcatid0 = catid;hr = pcr->UnRegisterClassImplCategories(clsid,1,rgcatid);if(pcr!= NULL)pcr->Release();return hr;BOOLCDown_Clear_OCXCtrl:CDown_Clear_OCXCtrlFactory:Upd ateRegistry(BOOL bRegister)if(bRegister)HRESULT hr = S_OK;hr = Create

6、ComponentCategory(CATID_SafeForScripting, LControls that are safely scriptable);if(FAILED(hr)return FALSE;hr =RegisterCLSIDInCategory(m_clsid,CATID_SafeForScripting); if(FAILED(hr)return FALSE;hr =RegisterCLSIDInCategory(m_clsid,CATID_SafeForInitializing) ;if(FAILED(hr)return FALSE;return AfxOleRegi

7、sterControlClass(AfxGetInstanceHandle(), m_clsid, m_lpszProgID,IDS_DOWN_CLEAR_OCX,IDB_DOWN_CLEAR_COX,afxRegInsertable | afxRegApartmentThreading,_dwDown_Clear_OCXOleMisc,_tlid,_wVerMajor,_wVerMinor);elseHRESULT hr = S_OK;hr =UnRegisterCLSIDInCategory(m_clsid,CATID_SafeForScriptin g);if(FAILED(hr)ret

8、urn FALSE;hr =UnRegisterCLSIDInCategory(m_clsid,CATID_SafeForInitializi ng);if(FAILED(hr)return FALSE;return AfxOleUnregisterClass(m_clsid,m_lpszProgID); 使你的 ActiveX 控件执行时不弹出安全性提示2010-06-19 19:57我们编写一个ActiveX 控件在 IE 中运行， 一般会弹出一个安全提示，如何避免这种情况？下面是我在参考前人的文章后， 总结出 “在浏览器中执行时不弹出警告的 ActiveX 控件”的两种编写方法，予以备忘

9、。注意，这里不会弹出警告是说在执行时不会弹出， 也就是说已经安装了这个ActiveX 控件。如果要下载安装这个ActiveX 控件时不会弹出安全警告，恐怕就得去买数字证书了。不过即使有数字证书，还是得用户同意后才会下载安装。以下两种方法在WINXP-SP2+VC6 下通过。方法 1：修改注册表可能你在看完下面的过程后会发现，程序没有一个地方对注册表操作过。其实不然，这里所谓的修改注册表的方法就是使用组件类型管理器(ComponentCategoriesManager)创建一个正确的入口到系统注册表。IE通过检测注册表判断一个控件是否可以安全地初始化和脚本操作。 IE 会通过调用ICatInfo

10、rmation:IsClassOfCategories方法确定控件是否支持给出的安全性分组。其中对注册表的操作都已经封装起来，隐藏在底层了，所以看不到。必须包括两个头文件#include <comcat.h>#include <Objsafe.h>const GUID CDECL CLSID_SafeItem =0xD321B11E, 0x8E79, 0x4829, 0xAB, 0x80, 0x9E, 0x59,0x92, 0x06, 0xAB, 0xB7;/ 用你的控件类GUID 替换/ 注册组件种类为安全HRESULT AddCategorySafty(CATID

11、catid, TCHAR* catDescription)ICatRegister* pcr = NULL ;HRESULT hr = S_OK ; hr =CoCreateInstance(CLSID_StdComponentCategoriesMgr,NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void*)&pcr);if (FAILED(hr)return hr; CATEGORYINFO catinfo;catinfo.catid = catid;catinfo.lcid = 0x0409 ; / 英语语言 / 最长只拷贝127

12、 个字符。int len = lstrlen(catDescription);if (len > 127)len = 127;lstrcpyn(TCHAR*)(catinfo.szDescription), catDescription, len+1); hr = pcr->RegisterCategories(1, &catinfo); pcr->Release(); return hr;/移除已经注册为安全的组件种类HRESULT RemoveCategorySafty(CATID catid)ICatRegister* pcr = NULL ;HRESULT h

13、r = S_OK ; hr =CoCreateInstance(CLSID_StdComponentCategoriesMgr,NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void*)&pcr);if (FAILED(hr)return hr; hr = pcr->UnRegisterCategories(1, &catid);pcr->Release(); return hr;/ 把你的控件注册到已经注册为安全的组件种类HRESULT RegisterCLSIDInCategory(REFCLSID clsid,C

14、ATID catid)ICatRegister* pcr = NULL ;HRESULT hr = S_OK ;hr =CoCreateInstance(CLSID_StdComponentCategoriesMgr,NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void*)&pcr);if (SUCCEEDED(hr)CATID rgcatid1 ;rgcatid0 = catid;hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);if (pcr != NULL) p

15、cr->Release();return hr;/ 把你的控件从安全组件种类移除HRESULT UnRegisterCLSIDInCategory(REFCLSID clsid,CATID catid)ICatRegister* pcr = NULL ;HRESULT hr = S_OK ; hr =CoCreateInstance(CLSID_StdComponentCategoriesMgr,NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void*)&pcr);if (SUCCEEDED(hr)/ Unregister this

16、 category as being implemented by the class.CATID rgcatid1 ;rgcatid0 = catid;hr = pcr->UnRegisterClassImplCategories(clsid, 1, rgcatid); if (pcr != NULL) pcr->Release(); return hr;/使你的控件不弹出警告地执行HRESULT MakeActiveXSafty(REFCLSID clsid)HRESULT hr; hr =AddCategorySafty(CATID_SafeForInitializing,_

17、T(Controls safely initializable!);if (FAILED(hr)return hr;hr = RegisterCLSIDInCategory(clsid, CATID_SafeForInitializing);if (FAILED(hr)return hr; hr =AddCategorySafty(CATID_SafeForScripting, _T(Controls safely scriptable!);if (FAILED(hr)return hr;hr = RegisterCLSIDInCategory(clsid, CATID_SafeForScri

18、pting);return hr;/去除控件的安全执行性HRESULT UnMakeActiveXSafty(REFCLSID clsid)HRESULT hr;hr = UnRegisterCLSIDInCategory(clsid, CATID_SafeForInitializing);if (FAILED(hr)return hr;hr = UnRegisterCLSIDInCategory(clsid, CATID_SafeForScripting);if (FAILED(hr)return hr;/下面的代码是把安全组件种类去掉。去掉的话，如果有其他的控件注册为这两个种类/那么其他的

19、控件执行时就会弹出警告。需不需要下面的代码就见仁见智，看实际情况了hr = RemoveCategorySafty(CATID_SafeForInitializing);if (FAILED(hr)return hr;hr =RemoveCategorySafty(CATID_SafeForScripting);return hr;然后在 DllRegisterServer 函数的 “ return NOERROR; ” 前添加 如下代码：HRESULT hr = MakeActiveXSafty(CLSID_SafeItem);if (FAILED(hr)return hr;在 DllUnr

20、egisterServer 函数的“ AFX_MANAGE_STATE(_afxModuleAddrThis);”后添加如下代码：HRESULT hr = UnMakeActiveXSafty(CLSID_SafeItem);if (FAILED(hr)OutputDebugString(_T( 去除控件的安全执行性时出错 !);方法 2：实现ObjectSafe 接口我创建了一个MFC ActiveX ControlWizard 的工程，工程为TestAX ，它的控件类是CTestAXCtrl ，下面所有的代码和操作都是在这个类的头文件和实现文件中进行。红色的部分是为了实现 ObjectSa

21、fe 接口而增加的代码。在头文件中：#if !defined(AFX_TESTAXCTL_H_C2084528_F93E_42D8_A13D_7E38775A0481_INCLUDED_)#defineAFX_TESTAXCTL_H_C2084528_F93E_42D8_A13D_7E38775A0481_INCLUDED_#if _MSC_VER > 1000#pragma once#endif / _MSC_VER > 1000/ #include <ComCat.h>#include <ObjSafe.h>/ 增加这个头文件/ TestAXCtl.h

22、: Declaration of the CTestAXCtrl ActiveXControl class./ CTestAXCtrl : See TestAXCtl.cpp for implementation.class CTestAXCtrl : public COleControlDECLARE_DYNCREATE(CTestAXCtrl)/ Constructorpublic:CTestAXCtrl();/ 增加如下代码:DECLARE_INTERFACE_MAP()BEGIN_INTERFACE_PART(MyObjSafe, IObjectSafety)/MyObjSafe 可以

23、使其他变量名， 但是下面用到的地方也需要换STDMETHOD_(HRESULT, GetInterfaceSafetyOptions) (REFIID riid,DWORD _RPC_FAR *pdwSupportedOptions,DWORD _RPC_FAR *pdwEnabledOptions);STDMETHOD_(HRESULT, SetInterfaceSafetyOptions) (REFIID riid,DWORD dwOptionSetMask,DWORD dwEnabledOptions);END_INTERFACE_PART(MyObjSafe);。在实现文件中：/ Te

24、stAXCtl.cpp : Implementation of the CTestAXCtrl ActiveXControl class.#include stdafx.h#include testAX.h#include TestAXCtl.h#include TestAXPpg.h#ifdef _DEBUG#define new DEBUG_NEW#undef THIS_FILEstatic char THIS_FILE = _FILE_;#endifIMPLEMENT_DYNCREATE(CTestAXCtrl, COleControl)/接口映射BEGIN_INTERFACE_MAP(

25、CTestAXCtrl, COleControl )INTERFACE_PART(CTestAXCtrl, IID_IObjectSafety,MyObjSafe)END_INTERFACE_MAP()。 。 (其他代码省略)/接口的函数实现ULONG FAR EXPORT CTestAXCtrl:XMyObjSafe:AddRef()METHOD_PROLOGUE(CTestAXCtrl, MyObjSafe)return pThis->ExternalAddRef();ULONG FAR EXPORT CTestAXCtrl:XMyObjSafe:Release()METHOD_PROLOGUE(CTestAXCtrl, MyObjSafe)return pThis->ExternalRelease();HRESULT FAR EXPORTCTestAXCtrl:XMyObjSafe:QueryInterface(REFIID iid, voi