Non-visual C# objects on a webpage are not marked as "safe for scr

Discussion in 'ASP .Net Building Controls' started by lwickland, Oct 26, 2004.

  1. lwickland

    lwickland Guest

    Non-visual C# objects on a webpage are not marked as "safe for scripting"

    I'm developing .NET components in C# which are used as ActiveX-style
    controls on web pages that are displayed inside a custom browser which is
    based on the IE web browser control. On 3 of about 100 PCs that the controls
    have been tried on, the browser produces the following error message:

    An ActiveX control on this page is not safe.
    Your current security settings prohibit running unsafe controls on this
    page.
    As a result, this page may not display as intended.

    I believe this is the "not safe for scripting" error. According to what
    I've read, we shouldn't be seeing this error because the object tag which
    puts the C# control on the page references a URL in the CLASSID attribute;
    supposedly this type of reference automatically marks the object as safe for
    scripting. However, neither adding a 'mayscript="true"' attribute to the
    object tag nor implementing IObjectSafety eliminates the problem.

    The problem only plagues non-visual controls, i.e., C# objects which do not
    inherit from System.Windows.Forms.Control. The only step required to
    alleviate the problem is to inherit from System.Windows.Forms.Control or one
    of its derivatives. However, inheriting from System.ComponentModel.Component
    does not eliminate the error message.

    Is this the expected behavior? Is there another workaround which would
    allow me to put non-visual, non-Control-derived C# classes on the web page?

    I'm using v1.1 SP1 of the Framework.
     
    lwickland, Oct 26, 2004
    #1

  2. lwickland,

    I would try and define the IObjectSafety interface on your objects. You
    would have to define it first, but that should be a trivial matter.

    Hope this helps.


    --
    - Nicholas Paldino [.NET/C# MVP]
    -

    "lwickland" <> wrote in message
    news:...
    > Non-visual C# objects on a webpage are not marked as "safe for scripting"
    >
    > I'm developing .NET components in C# which are used as ActiveX-style
    > controls on web pages that are displayed inside a custom browser which is
    > based on the IE web browser control. On 3 of about 100 PCs that the
    > controls
    > have been tried on, the browser produces the following error message:
    >
    > An ActiveX control on this page is not safe.
    > Your current security settings prohibit running unsafe controls on this
    > page.
    > As a result, this page may not display as intended.
    >
    > I believe this is the "not safe for scripting" error. According to what
    > I've read, we shouldn't be seeing this error because the object tag which
    > puts the C# control on the page references a URL in the CLASSID attribute;
    > supposedly this type of reference automatically marks the object as safe
    > for
    > scripting. However, neither adding a 'mayscript="true"' attribute to the
    > object tag nor implementing IObjectSafety eliminates the problem.
    >
    > The problem only plagues non-visual controls, i.e., C# objects which do
    > not
    > inherit from System.Windows.Forms.Control. The only step required to
    > alleviate the problem is to inherit from System.Windows.Forms.Control or
    > one
    > of its derivatives. However, inheriting from
    > System.ComponentModel.Component
    > does not eliminate the error message.
    >
    > Is this the expected behavior? Is there another workaround which would
    > allow me to put non-visual, non-Control-derived C# classes on the web
    > page?
    >
    > I'm using v1.1 SP1 of the Framework.
    >
     
    Nicholas Paldino [.NET/C# MVP], Oct 26, 2004
    #2

  3. lwickland

    lwickland Guest

    "Nicholas Paldino [.NET/C# MVP]" wrote:

    > lwickland,
    >
    > I would try and define the IObjectSafety interface on your objects. You
    > would have to define it first, but that should be a trivial matter.

    Nicholas,

    Thanks for replying.

    As I noted in my original post, I have tried implementing IObjectSafety to
    no avail.

    I stuck MessageBox.Show()s in the methods implementing IObjectSafety to
    ensure that I had implemented it correctly. On a PC that didn't display the
    "safe for scripting" error, the MessageBox.Show()s were displayed as expected
    when the JavaScript on the web page referenced the C# object. On a PC that
    did display the "safe for scripting" error, the MessageBoxes weren't
    displayed, indicating to me that the web page wasn't recognizing that the
    object implemented IObjectSafety.

    Do you have any further suggestions?

    We haven't been able to find any pattern to the PCs that the problem has
    appeared on; we've seen the issue on both Windows 2000 and Windows XP.

    Thanks,

    Leif Wickland
     
    lwickland, Oct 26, 2004
    #3
  4. lwickland

    lwickland Guest

    Re: Non-visual C# objects on a webpage are not marked as "safe for

    Robert,

    Thanks for the implementation template for IObjectSafety.

    I tried to say in my previous post that I implemented IObjectSafety and that
    doing so did not improve the situation. I used an implementation very
    similar to the one that you provided. I do believe that my implementation
    was correct because my GetInterfaceSafetyOptions() and
    SetInterfaceSafetyOptions() methods were being called on a PC that didn't
    receive the "not safe for scripting" error, although they were not being
    called on a PC that did receive the error.

    Please let me know of any other suggestions you may have.

    Thanks again,

    Leif Wickland
     
    lwickland, Oct 26, 2004
    #4
  5. lwickland

    lwickland Guest

    Re: Non-visual C# objects on a webpage are not marked as "safe for

    Robert,

    Thanks for replying again.

    > Maybe you didn't register again the now fixed assembly
    > on those PCs.

    I have not been registering the assembly on either my PC or the PC with the
    problem. I have the "Register for COM Interop" option disabled on the
    project. My rationale for not registering the assembly was that the code was
    not being referenced by GUID and because, to my understanding, registering an
    assembly or its types didn't matter in the context of putting a .NET object
    on a web page by referencing its URL. All the same I tried what you
    suggested below.

    > You should use fixed Guids, give the assembly a strong name
    > (sign it) and register it with COM using regasm /codebase.

    I followed these steps:
    1. Ensured that the class had a [Guid()] attribute.
    2. Ensured that the assembly has an [assembly: Guid()] attribute.
    3. Built the assembly.
    4. Executed "regasm /codebase <asmName.DLL>"
    5. Changed my web page to have object tags which looked like "<object
    CLASSID='clsid:<classGuid>'>."
    6. Hit the page.

    It worked great on my PC and on the PC that had previously had problems.

    Does anyone have experience using GUID values inside the object tag's
    CLASSID attribute in a production environment? I am very nervous about doing
    so because we need to be able to run multiple versions of the same product at
    once without the various versions of the assemblies stepping on each other's
    toes. In order to run different versions simultaneously, wouldn't we have to
    change the GUID on each class and assembly for each release? We essentially
    do a release to QA every day and QA needs to be able to run multiple days'
    builds concurrently on the same PC.

    Are there any solutions which don't involve registering the assembly or
    hard-coding the GUID in the web page?

    Thanks,

    Leif Wickland
     
    lwickland, Oct 27, 2004
    #5
  6. Re: Non-visual C# objects on a webpage are not marked as "safe for

    Hi,

    Can someone show me how to implement the IObjectSafety (or any other MS
    defined) interface using C#? I am new to .NET and apparently I am missing
    something. Everything I've tried does not work.

    Jeff Finz

    "Nicholas Paldino [.NET/C# MVP]" wrote:

    > lwickland,
    >
    > I would try and define the IObjectSafety interface on your objects. You
    > would have to define it first, but that should be a trivial matter.
    >
    > Hope this helps.
    >
    >
    > --
    > - Nicholas Paldino [.NET/C# MVP]
    > -
    >
    > "lwickland" <> wrote in message
    > news:...
    > > Non-visual C# objects on a webpage are not marked as "safe for scripting"
    > >
    > > I'm developing .NET components in C# which are used as ActiveX-style
    > > controls on web pages that are displayed inside a custom browser which is
    > > based on the IE web browser control. On 3 of about 100 PCs that the
    > > controls
    > > have been tried on, the browser produces the following error message:
    > >
    > > An ActiveX control on this page is not safe.
    > > Your current security settings prohibit running unsafe controls on this
    > > page.
    > > As a result, this page may not display as intended.
    > >
    > > I believe this is the "not safe for scripting" error. According to what
    > > I've read, we shouldn't be seeing this error because the object tag which
    > > puts the C# control on the page references a URL in the CLASSID attribute;
    > > supposedly this type of reference automatically marks the object as safe
    > > for
    > > scripting. However, neither adding a 'mayscript="true"' attribute to the
    > > object tag nor implementing IObjectSafety eliminates the problem.
    > >
    > > The problem only plagues non-visual controls, i.e., C# objects which do
    > > not
    > > inherit from System.Windows.Forms.Control. The only step required to
    > > alleviate the problem is to inherit from System.Windows.Forms.Control or
    > > one
    > > of its derivatives. However, inheriting from
    > > System.ComponentModel.Component
    > > does not eliminate the error message.
    > >
    > > Is this the expected behavior? Is there another workaround which would
    > > allow me to put non-visual, non-Control-derived C# classes on the web
    > > page?
    > >
    > > I'm using v1.1 SP1 of the Framework.
    > >

    >
    >
    >
     
    How to implement IObjectSafety with C#?, Dec 7, 2004
    #6
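
For reference, a minimal managed declaration and implementation of IObjectSafety, as an added example that is not code posted by anyone in this thread (the template Robert supplied is not shown on the page). The class name `NonVisualComponent`, its `Version` member and the all-zero class GUID are placeholders; note that the thread reports this interface alone did not clear the error for URL-referenced objects that do not derive from Control.

```csharp
using System;
using System.Runtime.InteropServices;

// Managed redeclaration of the COM interface IObjectSafety (IID from objsafe.h).
[ComImport]
[Guid("CB5BDC81-93C1-11CF-8F20-00805F2CD064")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IObjectSafety
{
    [PreserveSig]
    int GetInterfaceSafetyOptions(ref Guid riid, out int pdwSupportedOptions, out int pdwEnabledOptions);

    [PreserveSig]
    int SetInterfaceSafetyOptions(ref Guid riid, int dwOptionSetMask, int dwEnabledOptions);
}

// Hypothetical non-visual component. The GUID is a placeholder: generate your own.
[ComVisible(true)]
[Guid("00000000-0000-0000-0000-000000000000")]
[ClassInterface(ClassInterfaceType.AutoDispatch)]
public class NonVisualComponent : IObjectSafety
{
    private const int INTERFACESAFE_FOR_UNTRUSTED_CALLER = 0x00000001;
    private const int INTERFACESAFE_FOR_UNTRUSTED_DATA = 0x00000002;
    private const int Supported = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
    private const int S_OK = 0;
    private const int E_FAIL = unchecked((int)0x80004005);

    private int enabled = 0; // nothing is enabled until the host asks for it

    public int GetInterfaceSafetyOptions(ref Guid riid, out int supported, out int enabledOptions)
    {
        supported = Supported;
        enabledOptions = enabled;
        return S_OK;
    }

    public int SetInterfaceSafetyOptions(ref Guid riid, int mask, int options)
    {
        // Refuse any option outside the two this object claims to support.
        if ((mask & ~Supported) != 0) return E_FAIL;
        enabled = (enabled & ~mask) | (options & mask);
        return S_OK;
    }

    // Sample scriptable member (assumption for illustration only).
    public string Version() { return "1.0"; }
}
```

Accepting both options is a declaration that every scriptable member is safe to call from any page with any arguments, so the public surface of such a class should expose no file, registry or process access.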
  7. lwickland

    lwickland Guest

    Re: Non-visual C# objects on a webpage are not marked as "saf

    > > As I noted in my original post, I have tried implementing IObjectSafety to
    > > no avail.
    >
    > IObjectSafety & friends
    > ...


    I tried implementing IObjectSafety as you've listed it here and I saw the
    same "not safe for scripting" error. It's worth mentioning that my class
    wasn't derived from Control or UserControl as yours was.

    Thanks for the suggestion.
     
    lwickland, Dec 8, 2004
    #7