An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?

"fniles" <fn****@pfmail.com> wrote in message
news:en**************@tk2msftngp13.phx.gbl

I have an ActiveX control in my web page that I tried to access using
intranet.
I have implemented IObjectSafety in the ActiveX control, and when I
created the CAB file using VB Pakage and Deployment Wizard, under
"Safety Settings" I selected "Yes" for "Safe for Scripting" and "Yes"
for "Safe for Initialization". I also have signed the CAB file.
In IE, the option 'Script ActiveX controls marked Safe for Scripting'
is already set to 'Enable' (I use Security setting "Medium-Low").

I get a warning message 'An ActiveX control might be unsafe to
interact with other parts of the page. Do you want to allow this
interaction?'

Show how you implement IObjectSafety. It looks like you do it
incorrectly.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925

On the ActiveX control Project menu, click References, and added VB
IObjectSafety Interface (c:\windows\system32\Objsafe.tlb) -> I did not
create this .tlb file myself, it's already there in c:\windows\system32.

In the ActiveX control project, I have a module called basSafectl.bas:
Option Explicit

Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
Public Const IID_IPersistStorage =
"{0000010A-0000-0000-C000-000000000046}"
Public Const IID_IPersistStream =
"{00000109-0000-0000-C000-000000000046}"
Public Const IID_IPersistPropertyBag =
"{37D84F60-42CB-11CE-8135-00AA004BB851}"

Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
Public Const E_NOINTERFACE = &H80004002
Public Const E_FAIL = &H80004005
Public Const MAX_GUIDLEN = 40

Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
(pDest As Any, pSource As Any, ByVal ByteLen As Long)
Public Declare Function StringFromGUID2 Lib "ole32.dll" (rguid As _
Any, ByVal lpstrClsId As Long, ByVal cbMax As Integer) As Long

Public Type udtGUID
Data1 As Long
Data2 As Integer
Data3 As Integer
Data4(7) As Byte
End Type

Public m_fSafeForScripting As Boolean
Public m_fSafeForInitializing As Boolean

Sub Main()
m_fSafeForScripting = True
m_fSafeForInitializing = True
End Sub

In the ActiveX control project, in the control:
Option Explicit
Implements IObjectSafety

Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)

Dim rc As Long
Dim rClsId As udtGUID
Dim IID As String
Dim bIID() As Byte

pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
INTERFACESAFE_FOR_UNTRUSTED_DATA

If (riid <> 0) Then
CopyMemory rClsId, ByVal riid, Len(rClsId)

bIID = String$(MAX_GUIDLEN, 0)
rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
rc = InStr(1, bIID, vbNullChar) - 1
IID = Left$(UCase(bIID), rc)

Select Case IID
Case IID_IDispatch
pdwEnabledOptions = IIf(m_fSafeForScripting, _
INTERFACESAFE_FOR_UNTRUSTED_CALLER, 0)
Exit Sub
Case IID_IPersistStorage, IID_IPersistStream, _
IID_IPersistPropertyBag
pdwEnabledOptions = IIf(m_fSafeForInitializing, _
INTERFACESAFE_FOR_UNTRUSTED_DATA, 0)
Exit Sub
Case Else
Err.Raise E_NOINTERFACE
Exit Sub
End Select
End If
End Sub

Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
Dim rc As Long
Dim rClsId As udtGUID
Dim IID As String
Dim bIID() As Byte

If (riid <> 0) Then
CopyMemory rClsId, ByVal riid, Len(rClsId)

bIID = String$(MAX_GUIDLEN, 0)
rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
rc = InStr(1, bIID, vbNullChar) - 1
IID = Left$(UCase(bIID), rc)

Select Case IID
Case IID_IDispatch
If ((dwEnabledOptions And dwOptionsSetMask) <> _
INTERFACESAFE_FOR_UNTRUSTED_CALLER) Then
Err.Raise E_FAIL
Exit Sub
Else
If Not m_fSafeForScripting Then
Err.Raise E_FAIL
End If
Exit Sub
End If

Case IID_IPersistStorage, IID_IPersistStream, _
IID_IPersistPropertyBag
If ((dwEnabledOptions And dwOptionsSetMask) <> _
INTERFACESAFE_FOR_UNTRUSTED_DATA) Then
Err.Raise E_FAIL
Exit Sub
Else
If Not m_fSafeForInitializing Then
Err.Raise E_FAIL
End If
Exit Sub
End If

Case Else
Err.Raise E_NOINTERFACE
Exit Sub
End Select
End If
End Sub

Thank you.

"Igor Tandetnik" <it********@mvps.org> wrote in message
news:u4**************@TK2MSFTNGP09.phx.gbl...

"fniles" <fn****@pfmail.com> wrote in message
news:en**************@tk2msftngp13.phx.gbl

I have an ActiveX control in my web page that I tried to access using
intranet.
I have implemented IObjectSafety in the ActiveX control, and when I
created the CAB file using VB Pakage and Deployment Wizard, under
"Safety Settings" I selected "Yes" for "Safe for Scripting" and "Yes"
for "Safe for Initialization". I also have signed the CAB file.
In IE, the option 'Script ActiveX controls marked Safe for Scripting'
is already set to 'Enable' (I use Security setting "Medium-Low").

I get a warning message 'An ActiveX control might be unsafe to
interact with other parts of the page. Do you want to allow this
interaction?'

Show how you implement IObjectSafety. It looks like you do it incorrectly.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925

"fniles" <fn****@pfmail.com> wrote in message
news:eG*************@TK2MSFTNGP10.phx.gbl

In the ActiveX control project, I have a module called basSafectl.bas:
Option Explicit

I don't really know VB so I cannot intelligently comment on this code.
Just make sure that pdwEnabledOptions does indeed end up with
INTERFACESAFE_FOR_UNTRUSTED_CALLER flag in it. If I were you, I'd just
throw in both INTERFACESAFE_FOR_UNTRUSTED_CALLER and
INTERFACESAFE_FOR_UNTRUSTED_DATA unconditionally. It is very unusual to
have to vary your flags depending on the IID parameter.
SetInterfaceSafetyOptions is also only needed in rare advanced cases -
most of the time you just return S_OK and do nothing.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925

Thanks for your help.
I found my problem.
From Project Properties, I need to change the Startup Object to Sub Main to
execute the Sub Main.

Sub Main()
m_fSafeForScripting = True
m_fSafeForInitializing = True
End Sub
"Igor Tandetnik" <it********@mvps.org> wrote in message
news:eR**************@TK2MSFTNGP10.phx.gbl...

"fniles" <fn****@pfmail.com> wrote in message
news:eG*************@TK2MSFTNGP10.phx.gbl

In the ActiveX control project, I have a module called basSafectl.bas:
Option Explicit

I don't really know VB so I cannot intelligently comment on this code.
Just make sure that pdwEnabledOptions does indeed end up with
INTERFACESAFE_FOR_UNTRUSTED_CALLER flag in it. If I were you, I'd just
throw in both INTERFACESAFE_FOR_UNTRUSTED_CALLER and
INTERFACESAFE_FOR_UNTRUSTED_DATA unconditionally. It is very unusual to
have to vary your flags depending on the IID parameter.
SetInterfaceSafetyOptions is also only needed in rare advanced cases -
most of the time you just return S_OK and do nothing.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925