views:

17

answers:

1

If possible, I want to prevent my ActiveX control from being accidentally executed by untrusted pages, because it can be used to download and run a file.

One idea is to have the control know the domain of the HTML page it is instantiated on, and prompt the user if they trust this domain. It would remember this choice in the registry. If the control was used by a page rendered from a different domain, the user would be asked to trust the new domain.

Is there a way for an ActiveX control to query IE and ask what domain the page was downloaded from?

+2  A: 

Yes, implement IObjectWithSite and cache the pointer you're given in SetSite().

Then:

  1. QueryInterface() your site for IID_IServiceProvider.
  2. QueryService() the IServiceProvider for SID_STopLevelBrowser, IID_IServiceProvider.
  3. QueryService() the top level IServiceProvider for SID_SWebBrowserApp, IID_IWebBrowser2.
  4. Call get_LocationURL.
jeffamaphone