winforms webbrowser控件中的JavaScript访问问题
预计到达时间:我已经成功了,答案发布在下面。我会将任何能够准确解释发生了什么情况以及如何清理它的人标记为答案。
我有一个类,其中包含一个带有 winforms webbrowser 控件的表单,用于显示 html 页面。我将一些脚本注入到页面的头部,以便我可以查询有关样式的信息。
当我从可执行文件启动应用程序时,一切正常。不过,我现在尝试在设计时从加载项启动该应用程序。发生的情况是,右键单击 .htm 类型文件,然后单击启动浏览器。然后,加载项启动浏览器,导航到提供的 .htm 文件路径。
我注意到的第一件事是浏览器现在显示以下消息:
“为了帮助保护您的安全,您的网络浏览器已限制此文件显示可以访问您的计算机的活动内容。单击此处查看选项...”
然后我注意到,即使我单击启用活动内容,我所有的 javascript 调用现在都失败了。
作为测试,我尝试了这个简单的 javascript 调用(没有显式注入):
Me.Document.InvokeScript("execScript", New Object() {"alert('hello');", "JavaScript"})
这会导致一个 javascript 错误对话框,显示“访问被拒绝”
因此,这是一个安全问题。我并不是想这样做,但我尝试暂时降低 IE 中的所有安全级别,但这没有什么区别。
我应该补充一点,该应用程序包含 2 个网络浏览器控件。第二个托管一个通过设置浏览器的 DocumentText 属性创建的网页。这不会遇到 javascript 访问问题。
ETA:我一直在研究 IInternetSecurityManager,它与此有什么关系吗?我希望不是:(
ETA: I've got it working and the answer is posted below. I'll mark as the answer anyone who can explain exactly what is going on and how I can clean it up.
I have a class that contains a form with a winforms webbrowser control to display an html page. I inject some script into the head of the page so that I can query information about styles.
When I launch the app from an executable, everything works fine. However I'm now attempting to launch the app from an add-in at design-time. What happens is you right-click on a .htm type file and click to launch the browser. The add-in then launches the browser which navigates to the supplied .htm file path.
The first thing I notice is that the browser now displays this message:
"To help protect your security, your web browser has restricted this file from showing active content that could access your computer. Click here for options..."
I then noticed that all my javascript calls were now failing even if I clicked to enable active content.
As a test I tried this simple javascript call (without explicit injection):
Me.Document.InvokeScript("execScript", New Object() {"alert('hello');", "JavaScript"})
This results in a javascript error dialog that says "access is denied"
So, this is a security issue. Not that I wanted to but, I tried temporarily reducing all security levels in IE but this made no difference.
I should add that the app contains 2 webbrowser controls. The second one hosts a web page that is created by setting the DocumentText property of the browser. This does not suffer from javascript access issues.
ETA: I've been looking into IInternetSecurityManager, could it be anything to do with that? I hope not :(
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我已经设法让它与 IInternetSecurityManager 一起工作,IInternetSecurityManager 是由网络浏览器控件的站点返回的服务。
无论 url 是什么,我都通过在 ProcessUrlAction 方法中返回 Ok 来使其正常工作。
我根据在互联网上找到的内容将其抄写在一起,因此如果有人可以指出如何清理它并将其限制在 Intranet 中,那么我会将其标记为答案。
我想我需要检查 ProcessUrlAction 中的 url,并根据其内容返回“Ok”或“Default”。
这是代码:
接口:
I've managed to get it working with IInternetSecurityManager which is a service that is returned by the webbrowser control's site.
I got it working by returning Ok in the ProcessUrlAction method regardless of the url.
I cribbed this together from bits I found on the internet so if anyone can point out how it can be cleaned up and restricted to the intranet then i'll mark that as the answer.
I presume i need to examine the url, in ProcessUrlAction, and return Ok, or Default depending on its content.
Here's the code:
The Interfaces: