tags:

views:

17

answers:

1
Q: 

From an ActiveX control, can I tell what domain it is being created from?

If possible, I want to prevent my ActiveX control from being accidentally executed by untrusted pages, because it can be used to download and run a file.

One idea is to have the control know the domain of the HTML page it is instantiated on, and prompt the user if they trust this domain. It would remember this choice in the registry. If the control was used by a page rendered from a different domain, the user would be asked to trust the new domain.

Is there a way for an ActiveX control to query IE and ask what domain the page was downloaded from?

+2  A: 

Yes, implement IObjectWithSite and cache the pointer you're given in SetSite().

Then:

  1. QueryInterface() your site for IID_IServiceProvider.
  2. QueryService() the IServiceProvider for SID_STopLevelBrowser, IID_IServiceProvider.
  3. QueryService() the top level IServiceProvider for SID_SWebBrowserApp, IID_IWebBrowser2.
  4. Call get_LocationURL.
jeffamaphone  2010-08-17 23:14:23

related questions

Exposing nested arrays to COM from .NET
How do you unit-test code that interacts with and instantiates third-party COM objects?
Windows Server 2008: COM error: 0x800706F7 - The stub received bad data
Sample code for using IBM's PCOMM in C# o write an as400 screenscraper
Expose an event handler to VBScript users of my COM object
MapPoint 2009 Load Performance
Managed OleDB provider written in C#
What is the best source for information on COM error codes?
How do I return an array of strings from an ActiveX object to JScript
Maintain the correct version for a COM dll referenced in a .NET project
How to do a simple mail merge in OpenOffice
How do you display a dialog from a hidden window application?
Has .NET made raw COM and DCOM programming redundant ?
COMException "Library not registered." while using System.DirectoryServices
What do I need to do to implement an "out of proc" COM server in C#?
How to implement Type-safe COM enumerations in Delphi ?
Notification of drop in drag-drop in Windows
Sharepoint COMException 0x81020037
How do I unregister COM dlls initially added with RegSvr32 when the /u arg doesn't work?
Delphi and COM: TLB and maintenance issues
Is there a method for handling errors from COM objects in RDML?
How to register COM from VS Setup project?
C++ Problems with #import of .NET out-of-proc server.
How to trace COM objects exceptions?
Unload a COM control when working in VB6 IDE