# VBForums UtilityBank > UtilityBank - Tutorials >  VB - ActiveX Tutorial: Run Web Based Controls w/o changing IE Settings.

## CodeBlock

----------------------------------------------------------------------------------------------------
 ARTICLE NAME  : IMPLEMENTING YOUR ACTIVEX CONTROLS SAFE FOR SCRIPTING AND INITIALIZATION
 ARTICLE TYPE  : Tutorial for ActiveX developed in Classic Visual Basic
 CREATION DATE : 12 May, 2005
 AUTHOR        : Neo <neo at triotex.com>
 REFERENCE     : Microsoft KB Article : Q182598
----------------------------------------------------------------------------------------------------
 1. TABLE OF CONTENTS
----------------------------------------------------------------------------------------------------

 1. TABLE OF CONTENTS .................................................................. #1
 2. SUMMARY ............................................................................ #2
 3. AGREEMENT .......................................................................... #3
 4. DESCRIPTION ........................................................................ #4
 5. ABOUT CODESIGNING .................................................................. #5
 6. APPLIES TO ......................................................................... #6
 7. REFERENCES ......................................................................... #7


----------------------------------------------------------------------------------------------------

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 2. SUMMARY
----------------------------------------------------------------------------------------------------


This article describes how to implement the IObjectSafety interface in Visual Basic controls to mark the controls safe for scripting and initialization. By default, Visual Basic controls use component category entries in the registry to mark the control safe for scripting and initialization. Implementing the IObjectSafety interface is the preferred method. This article contains all the code that is required to implement this interface in Visual Basic controls.

Please keep in mind that a control should only be marked as safe if it is, IN FACT, *SAFE*. This means that your control should not contain any malicious code that will be used on the client side. This article does not describe the full details of marking controls as safe for scripting and initialization; it simply demonstrates how to do it in code. Please refer to the Internet Client Software Development Kit (SDK) documentation for a detailed description of this. You may choose the References Section of this Article for more help.

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 3. AGREEMENT
----------------------------------------------------------------------------------------------------

This article, as is, is not and will not be *responsible* for any code you may develop from this. You AGREE to the terms that you would not exploit this article for developing any malicious code, such as, a virus, trojan, spyware/adware, or any variant of such kind.

Feel free to link this article in your website, email, forums, etc., if you agree to the fact that the Author of this article is: Neo <neo at triotex.com> (a.k.a CodeBlock in VBForums.com) and any/whole part of this Article will NOT be modified but just kept in tact, as is.

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 4. DESCRIPTION
----------------------------------------------------------------------------------------------------


*Steps on how to create a simple Visual Basic control and mark it safe for scripting and initialization.*

1. Create a new folder where you can save all files that you create in this example.

2. Get the OLE Automation Type Library Generator from the Visual Basic CD-ROM. To do this, copy all four files from the \Common\Tools\VB\Unsupprt\Typlib\ folder to your project folder.

3. Copy the following text into Notepad, and save the file in the project folder as Objsafe.odl:


```
[
uuid(C67830E0-D11D-11cf-BD80-00AA00575603),
helpstring("VB IObjectSafety Interface"),
version(1.0)
]
library IObjectSafetyTLB
{
importlib("stdole2.tlb");
[
uuid(CB5BDC81-93C1-11cf-8F20-00805F2CD064),
helpstring("IObjectSafety Interface"),
odl
]
interface IObjectSafety:IUnknown {
[helpstring("GetInterfaceSafetyOptions")]
HRESULT GetInterfaceSafetyOptions(
[in] long riid,
[in] long *pdwSupportedOptions,
[in] long *pdwEnabledOptions);

[helpstring("SetInterfaceSafetyOptions")]
HRESULT SetInterfaceSafetyOptions(
[in] long riid,
[in] long dwOptionsSetMask,
[in] long dwEnabledOptions);
}
}
```

4. At a command prompt, use the CD <path> command to move to the project folder, and type the following command to generate a .tlb file:
MKTYPLIB objsafe.odl /tlb objsafe.tlb

5. From Visual Basic, create an ActiveX Control project. In the Properties list, change the name of the project to IObjSafety and the name of the control to DemoCtl. Put a CommandButton named cmdTest on the control. In the Click event handler of the cmdTest, put a MsgBox "Test" statement.

6. On the Project menu, click References, browse to and add Objsafe.tlb, which you created earlier.

7. Add a new module to your project with the following code, and name the module basSafeCtl:

VB Code:
Option Explicit
 Public Const IID_IDispatch = "{00020400-0000-0000-C000-000000000046}"
Public Const IID_IPersistStorage = _
"{0000010A-0000-0000-C000-000000000046}"
Public Const IID_IPersistStream = _
"{00000109-0000-0000-C000-000000000046}"
Public Const IID_IPersistPropertyBag = _
"{37D84F60-42CB-11CE-8135-00AA004BB851}"
 Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2
Public Const E_NOINTERFACE = &H80004002
Public Const E_FAIL = &H80004005
Public Const MAX_GUIDLEN = 40
 Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
(pDest As Any, pSource As Any, ByVal ByteLen As Long)
Public Declare Function StringFromGUID2 Lib "ole32.dll" (rguid As _
Any, ByVal lpstrClsId As Long, ByVal cbMax As Integer) As Long
 Public Type udtGUID
Data1 As Long
Data2 As Integer
Data3 As Integer
Data4(7) As Byte
End Type
 Public m_fSafeForScripting As Boolean
Public m_fSafeForInitializing As Boolean
 Sub Main()
    m_fSafeForScripting = True
    m_fSafeForInitializing = True
End Sub

8. From Project Properties, change the Startup Object to Sub Main to execute the Sub Main above. Use the *m_fSafeForScripting* and *m_fSafeForInitializing* variables to specify the values of safe for the scripting and/or initialization variables. Make them both *true*, if you dont want to change your *IE Settings*

9. Open the code window of your control. Add the following line of code to the Declaration section (right after Option Explicit or as the first), ie., General Declarations:


VB Code:
Implements IObjectSafety

10. Copy the following two procedures to your control code:


VB Code:
Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
      Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
           Dim Rc      As Long
          Dim rClsId  As udtGUID
          Dim IID     As String
          Dim bIID()  As Byte
           pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
                                INTERFACESAFE_FOR_UNTRUSTED_DATA
           If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)
               bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)
               Select Case IID
                  Case IID_IDispatch
                      pdwEnabledOptions = IIf(m_fSafeForScripting, _
                    INTERFACESAFE_FOR_UNTRUSTED_CALLER, 0)
                      Exit Sub
                  Case IID_IPersistStorage, IID_IPersistStream, _
                     IID_IPersistPropertyBag
                      pdwEnabledOptions = IIf(m_fSafeForInitializing, _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA, 0)
                      Exit Sub
                  Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub
       Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
      Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
          Dim Rc          As Long
          Dim rClsId      As udtGUID
          Dim IID         As String
          Dim bIID()      As Byte
           If (riid <> 0) Then
              CopyMemory rClsId, ByVal riid, Len(rClsId)
               bIID = String$(MAX_GUIDLEN, 0)
              Rc = StringFromGUID2(rClsId, VarPtr(bIID(0)), MAX_GUIDLEN)
              Rc = InStr(1, bIID, vbNullChar) - 1
              IID = Left$(UCase(bIID), Rc)
               Select Case IID
                  Case IID_IDispatch
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                   INTERFACESAFE_FOR_UNTRUSTED_CALLER) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForScripting Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If
                   Case IID_IPersistStorage, IID_IPersistStream, _
                IID_IPersistPropertyBag
                      If ((dwEnabledOptions And dwOptionsSetMask) <> _
                    INTERFACESAFE_FOR_UNTRUSTED_DATA) Then
                          Err.Raise E_FAIL
                          Exit Sub
                      Else
                          If Not m_fSafeForInitializing Then
                              Err.Raise E_FAIL
                          End If
                          Exit Sub
                      End If
                   Case Else
                      Err.Raise E_NOINTERFACE
                      Exit Sub
              End Select
          End If
      End Sub

11. On the File menu, save your project and files. Make an OCX file from your project. Your control now implements the IObjectSafety interface. To test it, insert the control in an .htm file.


SIMPLE WORKING CODE

Points Nos. 7 & 10 can be modified to just have a simpler working Code:

Point No.7 (as in the Module basSafeCtl)

VB Code:
Option Explicit
 Public Const INTERFACESAFE_FOR_UNTRUSTED_CALLER = &H1
Public Const INTERFACESAFE_FOR_UNTRUSTED_DATA = &H2

An easier alternative for Point No.10

Point No.10 is BIG because it helps you understand by trying out the different options. If you just want a working code here it is:

VB Code:
Private Sub IObjectSafety_GetInterfaceSafetyOptions(ByVal riid As _
      Long, pdwSupportedOptions As Long, pdwEnabledOptions As Long)
          pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER Or _
                                INTERFACESAFE_FOR_UNTRUSTED_DATA
          pdwSupportedOptions = pdwSupportedOptions ' All options are suported:
          ' Meaning: Both Untrusted Caller(Scripting) and 
          ' Untrusted Data (Initialization) options are marked Safe.
      End Sub
       Private Sub IObjectSafety_SetInterfaceSafetyOptions(ByVal riid As _
      Long, ByVal dwOptionsSetMask As Long, ByVal dwEnabledOptions As Long)
    ' This is when your browser asks you to change your settings.
        ' You can ignore this Sub, if at all u need in a case where the browser 
        ' rejects the settings and sends you back to get notified of the rejection
        ' or any option change.
      End Sub

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 5. ABOUT CODESIGNING
----------------------------------------------------------------------------------------------------

But this is not just enough. If you are hosting your files on a server, to be available as a downloadable plugin in your web pages, You must CodeSign your .cab or .ocx file. You can do this by either using the CodeSign Binaries from the Visual Basic SDK (You will find this under the Tools folder of your VStudio6 CD-ROM) (Alternatively, You can download it from here [Self-Extracting EXE] 344 KB).

Or use: http://www.ascertia.com/ (where u have to create an account. TIP: Remember that in the registration process, you have to provide some valid information as they will get reflected in your certificate itself shown to the Client. So, once registered they are included in the certificate. ).

If you need a detailed description on the CodeSigning Process using CodeSign.exe, Follow this link

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 6. APPLIES TO
----------------------------------------------------------------------------------------------------
	Microsoft Visual Basic 5.0 Control Creation Edition
	Microsoft Visual Basic 5.0 Professional Edition
	Microsoft Visual Basic 6.0 Professional Edition
	Microsoft Visual Basic 5.0 Enterprise Edition
	Microsoft Visual Basic 6.0 Enterprise Edition
	Microsoft Visual Basic 5.0 Learning Edition
	Microsoft Visual Basic 6.0 Learning Edition
	Microsoft Internet Explorer 4.0 128-Bit Edition
	Microsoft Internet Explorer 4.01 Service Pack 2
	Microsoft Internet Explorer 4.01 Service Pack 1
	Microsoft Internet Explorer 4.01 Service Pack 2
	Microsoft Internet Explorer 5.0
	Microsoft Internet Explorer (Programming) 5.01
	Microsoft Internet Explorer (Programming) 5.01 SP1
	Microsoft Internet Explorer (Programming) 5.5

----------


## CodeBlock

----------------------------------------------------------------------------------------------------
 7. REFERENCES
----------------------------------------------------------------------------------------------------
MkTypLib.exe is an old tool that previously shipped with the Platform Software Development Kit (SDK) that comes with Microsoft Visual Studio 6.0. For information on how to install the Platform SDK that comes with Visual Studio 6.0, see the following Microsoft Web site:

http://msdn.microsoft.com/library/ps...usage_4rqu.htm

The current Platform SDK does not come with the MkTypLib.exe tool. For information about what Microsoft products ship the Type Library Compiler (MkTypLib.exe), see the following Microsoft DLL Help database and search on the file name MkTypLib.exe

http://support.microsoft.com/dllhelp


For information about how to invoke MkTypLib, see the following Microsoft Web site:
http://msdn.microsoft.com/library/ps...chap8_6cki.htm

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

161873 How To Mark MFC Controls Safe for Scripting/Initialization
143258 How To Create Constants and DLL Declarations in a Type Library
131105 SAMPLE: TYPEBLD: How to Use ICreateTypeLib and ICreateTypeInfo


For more information about the IObjectSafety interface, see the following Microsoft Web site:
http://msdn.microsoft.com/workshop/c...jectsafety.asp


For more information about safe initialization and scripting for ActiveX controls, see the following Microsoft Web site:
http://msdn.microsoft.com/workshop/c...vex/safety.asp


For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:
http://msdn.microsoft.com/workshop/entry.asp

http://msdn.microsoft.com/ie/

http://support.microsoft.com/highlig...p?FR=0&SD=MSDN

----------


## CodeBlock

Please rate me, if you find this useful.

You may also post your comments/suggestions/doubts on this thread through this link. (Use this link, if you are reading this thread in a section where u cannot post replies)

Contacting through mail: <neo at triotex.com>
You can also PM me to contact through the Forums

Thanks & Regards
Neo a.k.a CodeBlock

----------

