当 IE 安全不允许创建对象时,New ActiveXObject('Word.Application') 创建新的 winword.exe 进程
我们使用 MS Word 作为私人公司网站上几个字段的拼写检查器,当 IE 安全设置正确时,它可以正常工作。 (站点的区域设置为“受信任”,并且受信任区域已修改为允许控件在没有提示的情况下运行。)
我们使用的脚本创建一个 word 对象,然后将其关闭。当该对象存在时,winword.exe 进程会运行,但当 Word 对象关闭时该进程会被销毁。
如果我们的站点未设置在受信任区域(具有默认安全级别的 Internet 区域)中,则创建 Word 对象的调用将按预期失败,但仍会创建 winword.exe 进程。我没有任何方法与脚本中的此进程交互,因此该进程会一直保留,直到用户注销(用户无法手动销毁该进程,即使他们这样做,也不是一个好的解决方案。 )
尝试创建对象的调用是...
try {
wordApplication = new ActiveXObject('Word.Application');
} catch(error) {
// irrelevant code removed, described in comments..
// notify user spell check cannot be used
// disable spell check option
}
因此每次加载页面时,此代码都可能会再次运行,从而创建另一个孤立的 winword.exe 进程。
当然,catch 块中的 wordApplication 是未定义的。
我希望能够事先检测浏览器的安全设置,但我对此进行了一些搜索,并且认为这是不可能的。
这里的管理层对现状感到满意。只要 IE 安全设置正确,它就可以工作,并且可以很好地满足我们的目的。 (我们最终可能会考虑拼写检查功能的其他选项,但这是快速、便宜的,并且可以完成我们需要它做的所有事情。)
最后一个问题困扰着我,我想对此做点什么,但我没有想法了,我还有其他更需要我注意的事情。
在我把它放在一边之前,我想我应该在这里征求建议。
We are using MS Word as a spell checker for a few fields on a private company web site, and when IE security settings are correct it works well. (Zone for the site set to Trusted, and trusted zone modified to allow control to run without prompting.)
The script we are using creates a word object and closes it afterward. While the object exists, a winword.exe process runs, but it is destroyed when the Word object is closed.
If our site is not set in the trusted zone (Internet zone with default security level) the call that creates the Word object fails as expected, but the winword.exe process is still created. I do not have any way to interact with this process in the script, so the process stays around until the user logs off (users have no way to manually destroy the process, and it wouldn't be a good solution even if they did.)
The call that attempts to create the object is...
try {
wordApplication = new ActiveXObject('Word.Application');
} catch(error) {
// irrelevant code removed, described in comments..
// notify user spell check cannot be used
// disable spell check option
}
So every time the page is loaded this code may be run again, creating yet another orphan winword.exe process.
wordApplication is, of course, undefined in the catch block.
I would like to be able to detect the browser security settings beforehand, but I have done some searching on this and do not think that it is possible.
Management here is happy with it as it is. As long as IE security is set correctly it works, and it works well for our purposes. (We may eventually look at other options for spell check functionality, but this was quick, inexpensive, and does everything we need it to do.)
This last problem bugs me and I'd like to do something about it, but I'm out of ideas and I have other things that are more in need of my attention.
Before I put it aside, I thought I'd ask for suggestions here.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我还没有找到这个问题的答案,而且我对这个问题对 Internet Explorer 安全性的暗示感到不安(我忘了在上一篇文章中提到我正在使用的版本:IE 7。)
但是,我确实实现了一个解决方法我对此并不满意,但仍然感觉比根本不检查更舒服...
代码现在尝试首先打开另一个对象,如果失败,代码将假定 Word 也不会打开并发出错误。从此时起,将不再调用 new ActiveXObject(),并且任何拼写检查尝试都将导致错误。
当调用 new ActiveXObject() 失败时,该对象不会启动新进程。它对系统资源也没有明显的影响。
I have not found an answer to this problem, and I am disturbed at what the problem implies about Internet Explorer security (I forgot to mention in my previous post the version I am using : IE 7.)
However, I did implement a workaround that I am not happy with, but nevertheless feel more comfortable with than no check at all...
The code now attempts to open another object first, and if that fails the code assumes that Word will not open either and issues an error. From this point on, no more calls to new ActiveXObject() will be made and any attempt at a spell check will result in an error.
This object does not start a new process when the call to new ActiveXObject() fails. It also does not have a noticable affect on system resources.
如果您的浏览器创建对象的实例,则该对象本身不会被浏览器安全策略阻止,除非它存在安全漏洞。
尝试“application.visible=true”或“application.show()”来找出应用程序在哪里请求用户交互。
提示: 'typeof application=="undefined"' 意味着变量 'application' 未定义,其中 'typeof application=="unknown"' 或多或少意味着它是一个已定义的变量,填充了外部专有的变量对象,如果您确实需要知道如何处理它,请阅读手册 - 在上述应用程序的任何打开的窗口中按 [F11] 在这种情况下可能会有所帮助。
可能是有用的资源:https://learn.microsoft。 com/en-us/office/vba/api/Word.Application
If your browser creates an instance of an object, the object itself is not blocked by the browser security policies, except it is a security leak.
Try "application.visible=true", or "application.show()" to find out, where the application is asking for user interaction.
Hint: 'typeof application=="undefined"' means, the variable 'application' is not defined, where 'typeof application=="unknown"' means, more or less, it is a defined variable, stuffed with an external, proprietary object and if you really need to know how to handle it, read the manual -- pressing [F11] in any open window of the mentioned application could help in that case.
Might be a useful resource: https://learn.microsoft.com/en-us/office/vba/api/Word.Application