Guest

Non-visual C# objects on a webpage are not marked as "safe for scripting"

I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the controls
have been tried on, the browser produces the following error message:

An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.

I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.

The problem only plagues non-visual controls, i.e., C# objects which do not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or one
of its derivatives. However, inheriting from System.ComponentModel.Component
does not eliminate the error message.

Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web page?

I'm using v1.1 SP1 of the Framework.
 
Nicholas Paldino [.NET/C# MVP]

lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Hope this helps.
 
Guest

Nicholas Paldino said:
lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Nicholas,

Thanks for replying.

As I noted in my original post, I have tried implementing IObjectSafety to
no avail.

I stuck MessageBox.Show()s in the methods implementing IObjectSafety to
ensure that I had implemented it correctly. On a PC that didn't display the
"safe for scripting" error, the MessageBox.Show()s were displayed as expected
when the JavaScript on the web page referenced the C# object. On a PC that
did display the "safe for scripting" error, the MessageBoxes weren't
displayed, indicating to me that the web page wasn't recognizing that the
object implemented IObjectSafety.

Do you have any further suggestions?

We haven't been able to find any pattern to the PCs that the problem has
appeared on; we've seen the issue on both Windows 2000 and Windows XP.

Thanks,

Leif Wickland
 
Guest

Hi,

Can someone show me how to implement the IObjectSafety (or any other MS
defined) interface using C#? I am new to .NET and apparently I am missing
something. Everything I've tried does not work.

Jeff Finz

Nicholas Paldino said:
lwickland,

I would try and define the IObjectSafety interface on your objects. You
would have to define it first, but that should be a trivial matter.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

lwickland said:
Non-visual C# objects on a webpage are not marked as "safe for scripting"

I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the controls
have been tried on, the browser produces the following error message:

An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.

I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.

The problem only plagues non-visual controls, i.e., C# objects which do not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or one
of its derivatives. However, inheriting from System.ComponentModel.Component
does not eliminate the error message.

Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web page?

I'm using v1.1 SP1 of the Framework.
 
Guest

As I noted in my original post, I have tried implementing
IObjectSafety to

IObjectSafety & friends
...

I tried implementing IObjectSafety as you've listed it here and I saw the
same "not safe for scripting" error. It's worth mentioning that my class
wasn't derived from Control or UserControl as yours was.

Thanks for the suggestion.
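
For reference, this is what declaring and implementing IObjectSafety in C# looks like. It is an added example, not code from any post in this thread; the class name ScriptableHelper is hypothetical, and the sketch does not claim to resolve the error reported on the affected PCs.

```csharp
using System;
using System.Runtime.InteropServices;

// COM declaration of IObjectSafety (objsafe.h); the Framework does not ship one.
[ComImport]
[Guid("CB5BDC81-93C1-11CF-8F20-00805F2CD064")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IObjectSafety
{
    [PreserveSig]
    int GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions);

    [PreserveSig]
    int SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions);
}

// Hypothetical non-visual component (assumed name, not from the thread).
[ComVisible(true)]
public class ScriptableHelper : IObjectSafety
{
    const int INTERFACESAFE_FOR_UNTRUSTED_CALLER = 0x1; // "safe for scripting"
    const int INTERFACESAFE_FOR_UNTRUSTED_DATA   = 0x2; // "safe for initialization"
    const int S_OK          = 0;
    const int E_FAIL        = unchecked((int)0x80004005);
    const int E_NOINTERFACE = unchecked((int)0x80004002);
    static readonly Guid IID_IDispatch = new Guid("00020400-0000-0000-C000-000000000046");

    // Claim only the scripting path; untrusted-data initialization is not claimed.
    const int Supported = INTERFACESAFE_FOR_UNTRUSTED_CALLER;
    int enabled = 0;

    public int GetInterfaceSafetyOptions(ref Guid riid, out int supportedOptions, out int enabledOptions)
    {
        supportedOptions = 0;
        enabledOptions = 0;
        if (riid != IID_IDispatch) return E_NOINTERFACE; // no safety claim for other interfaces
        supportedOptions = Supported;
        enabledOptions = enabled;
        return S_OK;
    }

    public int SetInterfaceSafetyOptions(ref Guid riid, int optionSetMask, int enabledOptions)
    {
        if (riid != IID_IDispatch) return E_NOINTERFACE;
        if ((optionSetMask & ~Supported) != 0) return E_FAIL; // refuse options we cannot honor
        enabled = (enabled & ~optionSetMask) | (enabledOptions & optionSetMask);
        return S_OK;
    }
}
```

Returning S_OK for INTERFACESAFE_FOR_UNTRUSTED_CALLER asserts that every member reachable through IDispatch is harmless when driven by an arbitrary page, so the scriptable surface should be reviewed before the option is accepted.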
 
