winforms webbrowser控件中的JavaScript访问问题

时间:2012-02-20 11:23:20

标签: javascript .net winforms security browser

ETA:我已经开始工作,答案在下面发布。我会将任何能够准确解释发生了什么以及如何清理它的人作为答案。

我有一个类,其中包含一个带有winforms webbrowser控件的表单,用于显示html页面。我将一些脚本注入页面的头部,以便我可以查询有关样式的信息。

当我从可执行文件启动应用程序时,一切正常。但是我现在正试图在设计时从加载项启动应用程序。如果右键单击.htm类型文件并单击以启动浏览器,会发生什么。然后,加载项将启动浏览器,该浏览器将导航到提供的.htm文件路径。

我注意到的第一件事是浏览器现在显示以下消息:

为了保护您的安全,您的网络浏览器限制此文件显示可以访问您计算机的有效内容。点击此处查看选项...

然后我注意到,即使我点击启用活动内容,我的所有javascript调用现在也都失败了。

作为测试我尝试了这个简单的javascript调用(没有显式注入):

Me.Document.InvokeScript("execScript", New Object() {"alert('hello');", "JavaScript"})

这会导致javascript错误对话框显示“访问被拒绝

所以,这是一个安全问题。不是我想要的,但我尝试暂时降低IE中的所有安全级别,但这没有任何区别。

我应该补充一点,该应用包含2个webbrowser控件。第二个托管通过设置浏览器的 DocumentText 属性创建的网页。这不会受到javascript访问问题的影响。

ETA:我一直在研究IInternetSecurityManager,这可能与此有关吗?我希望不会:(

1 个答案:

答案 0 :(得分:0)

我已经设法使用IInternetSecurityManager,这是一个由webbrowser控件的站点返回的服务。 无论url是什么,我都通过在ProcessUrlAction方法中返回Ok来实现它。

我从互联网上找到的那些内容中将这一点拼凑在一起,所以如果有人能够指出如何将其清理并限制在内联网上,那么我会将其标记为答案。

我认为我需要在ProcessUrlAction中检查url,并根据其内容返回Ok或Default。

以下是代码:

Friend Class MainBrowser
Inherits WebBrowser

Private _Site As WebBrowserSite
Protected Overrides Function CreateWebBrowserSiteBase() As WebBrowserSiteBase
    If _Site Is Nothing Then
        _Site = New WebBrowserSite(Me)
    End If
    Return _Site
End Function

Protected Class WebBrowserSite
    Inherits System.Windows.Forms.WebBrowser.WebBrowserSite
    Implements NativeInterfaces.IServiceProvider
    Implements NativeInterfaces.IInternetSecurityManager

    Private Const INET_E_DEFAULT_ACTION As Integer = &H800C0011
    Private Const S_OK As Integer = 0
    Private Const E_NOINTERFACEX As Integer = &H80004002

    Private Shared IID_IInternetSecurityManager As Guid = Marshal.GenerateGuidForType(GetType(NativeInterfaces.IInternetSecurityManager))

    Private Owner As MainBrowser

    Public Sub New(ByVal owner As MainBrowser)
        MyBase.New(owner)
        owner = owner
    End Sub

    Public Function QueryService(ByRef guidService As System.Guid, ByRef riid As System.Guid, ByRef ppvObject As System.IntPtr) As Integer Implements NativeInterfaces.IServiceProvider.QueryService
        If guidService = IID_IInternetSecurityManager AndAlso riid = IID_IInternetSecurityManager Then
            ppvObject = Marshal.GetComInterfaceForObject(Me, GetType(NativeInterfaces.IInternetSecurityManager))
            Return S_OK
        End If
        ppvObject = IntPtr.Zero
        Return E_NOINTERFACEX
    End Function

    Public Function GetSecurityId(ByVal pwszUrl As String, ByVal pbSecurityId As System.IntPtr, ByRef pcbSecurityId As UInteger, ByRef dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetSecurityId
        Return INET_E_DEFAULT_ACTION
    End Function

    Public Function GetSecuritySite(ByRef pSite As System.IntPtr) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetSecuritySite
        pSite = IntPtr.Zero
        Return INET_E_DEFAULT_ACTION
    End Function

    Public Function SetSecuritySite(ByVal pSite As System.IntPtr) As Integer Implements NativeInterfaces.IInternetSecurityManager.SetSecuritySite
        Return INET_E_DEFAULT_ACTION
    End Function

    Public Function MapUrlToZone(ByVal pwszUrl As String, ByRef pdwZone As UInteger, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.MapUrlToZone
        pdwZone = 0 // URLZONE_LOCAL_MACHINE ?
        Return S_OK // no difference
        // Return INET_E_DEFAULT_ACTION
    End Function

    Public Function ProcessUrlAction(ByVal pwszUrl As String, ByVal dwAction As UInteger, ByVal pPolicy As System.IntPtr, ByVal cbPolicy As UInteger, ByVal pContext As System.IntPtr, ByVal cbContext As UInteger, ByVal dwFlags As UInteger, ByVal dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.ProcessUrlAction
        // Return INET_E_DEFAULT_ACTION
        Return S_OK // This is what made the difference
    End Function

    Public Function QueryCustomPolicy(ByVal pwszUrl As String, ByRef guidKey As System.Guid, ByRef ppPolicy As System.IntPtr, ByRef pcbPolicy As UInteger, ByVal pContext As System.IntPtr, ByVal cbContext As UInteger, ByVal dwReserved As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.QueryCustomPolicy
        ppPolicy = IntPtr.Zero
        pcbPolicy = 0
        Return INET_E_DEFAULT_ACTION
    End Function

    Public Function SetZoneMapping1(ByVal dwZone As UInteger, ByVal lpszPattern As String, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.SetZoneMapping
        Return INET_E_DEFAULT_ACTION
    End Function

    Public Function GetZoneMappings(ByVal dwZone As UInteger, ByRef ppenumString As System.Runtime.InteropServices.ComTypes.IEnumString, ByVal dwFlags As UInteger) As Integer Implements NativeInterfaces.IInternetSecurityManager.GetZoneMappings
        ppenumString = Nothing
        Return INET_E_DEFAULT_ACTION
    End Function

End Class

End Class

接口: 

 <ComImport(), InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("6d5140c1-7436-11ce-8034-00aa006009fa")> _
Interface IServiceProvider
    <PreserveSig()> _
    Function QueryService(ByRef guidService As Guid, ByRef riid As Guid, ByRef ppvObject As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface


<ComImport(), GuidAttribute("79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)> _
Public Interface IInternetSecurityManager
    <PreserveSig()> _
    Function SetSecuritySite(<[In]()> ByVal pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function GetSecuritySite(ByRef pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function MapUrlToZone(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByRef pdwZone As UInt32, <[In]()> ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function GetSecurityId(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, <Out()> ByVal pbSecurityId As IntPtr, <[In](), Out()> ByRef pcbSecurityId As UInt32, <[In]()> ByRef dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function ProcessUrlAction(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByVal dwAction As UInt32, ByVal pPolicy As IntPtr, ByVal cbPolicy As UInt32, ByVal pContext As IntPtr, ByVal cbContext As UInt32, _
         ByVal dwFlags As UInt32, ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function QueryCustomPolicy(<[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String, ByRef guidKey As Guid, ByRef ppPolicy As IntPtr, ByRef pcbPolicy As UInt32, ByVal pContext As IntPtr, ByVal cbContext As UInt32, _
         ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function SetZoneMapping(ByVal dwZone As UInt32, <[In](), MarshalAs(UnmanagedType.LPWStr)> ByVal lpszPattern As String, ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer

    <PreserveSig()> _
    Function GetZoneMappings(<[In]()> ByVal dwZone As UInt32, ByRef ppenumString As ComTypes.IEnumString, <[In]()> ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface
相关问题
最新问题