By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,200 Members | 1,665 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,200 IT Pros & Developers. It's quick & easy.

Non-visual C# objects on a webpage are not marked as "safe for scr

P: n/a
Non-visual C# objects on a webpage are not marked as "safe for scripting"

I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the controls
have been tried on, the browser produces the following error message:

An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.

I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.

The problem only plagues non-visual controls, i.e., C# objects which do not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or one
of its derivatives. However, inheriting from System.ComponentModel.Component
does not eliminate the error message.

Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web page?

I'm using v1.1 SP1 of the Framework.

Nov 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"lwickland" <lw*******@discussions.microsoft.com> wrote in message
news:19**********************************@microsof t.com...
Non-visual C# objects on a webpage are not marked as "safe for scripting"

I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the
controls
have been tried on, the browser produces the following error message:

An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.

I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe
for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.

The problem only plagues non-visual controls, i.e., C# objects which do
not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or
one
of its derivatives. However, inheriting from
System.ComponentModel.Component
does not eliminate the error message.

Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web
page?

I'm using v1.1 SP1 of the Framework.

Nov 16 '05 #2

P: n/a


"Nicholas Paldino [.NET/C# MVP]" wrote:
lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Nicholas,

Thanks for replying.

As I noted in my original post, I have tried implementing IObjectSafety to
no avail.

I stuck MessageBox.Show()s in the methods implementing IObjectSafety to
ensure that I had implemented it correctly. On a PC that didn't display the
"safe for scripting" error, the MessageBox.Show()s were displayed as expected
when the javascript on the web page referenced the C# object. On a PC that
did display the "safe for scripting" error, the MessageBoxes weren't
displayed, indicating to me that the web page wasn't recognizing that the
object implemented IObjectSafety.

Do you have any further suggestions?

We haven't been able to find any pattern to the PCs that the problem has
appeared on; we've seen the issue on both Windows 2000 and Windows XP.

Thanks,

Leif Wickland
Nov 16 '05 #3

P: n/a
Hi,

Can someone show me how to implement the IObjectSafety (or any other MS
defined) interface using C#? I am new to .NET and apparently I am missing
something. Everything I've tried does not work.

Jeff Finz

"Nicholas Paldino [.NET/C# MVP]" wrote:
lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"lwickland" <lw*******@discussions.microsoft.com> wrote in message
news:19**********************************@microsof t.com...
Non-visual C# objects on a webpage are not marked as "safe for scripting"

I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the
controls
have been tried on, the browser produces the following error message:

An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.

I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe
for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.

The problem only plagues non-visual controls, i.e., C# objects which do
not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or
one
of its derivatives. However, inheriting from
System.ComponentModel.Component
does not eliminate the error message.

Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web
page?

I'm using v1.1 SP1 of the Framework.


Nov 16 '05 #4

P: n/a
> > As I noted in my original post, I have tried implementing
IObjectSafety to
> no avail.


IObjectSafety & friends
...


I tried implementing IObjectSafety as you've listed it here and I saw the
same "not safe for scripting" error. It's worth mentioning that my class
wasn't derived from Control or UserControl as yours was.

Thanks for the suggestion.

Nov 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.