L
lwickland
Non-visual C# objects on a webpage are not marked as "safe for scripting"
I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the controls
have been tried on, the browser produces the following error message:
An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.
I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.
The problem only plagues non-visual controls, i.e., C# objects which do not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or one
of its derivatives. However, inheriting from System.ComponentModel.Component
does not eliminate the error message.
Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web page?
I'm using v1.1 SP1 of the Framework.
I'm developing .NET components in C# which are used as ActiveX-style
controls on web pages that are displayed inside a custom browser which is
based on the IE web browser control. On 3 of about 100 PCs that the controls
have been tried on, the browser produces the following error message:
An ActiveX control on this page is not safe.
Your current security settings prohibit running unsafe controls on this
page.
As a result, this page may not display as intended.
I believe this is the "not safe for scripting" error. According to what
I've read, we shouldn't be seeing this error because the object tag which
puts the C# control on the page references a URL in the CLASSID attribute;
supposedly this type of reference automatically marks the object as safe for
scripting. However, neither adding a 'mayscript="true"' attribute to the
object tag nor implementing IObjectSafety eliminates the problem.
The problem only plagues non-visual controls, i.e., C# objects which do not
inherit from System.Windows.Forms.Control. The only step required to
alleviate the problem is to inherit from System.Windows.Forms.Control or one
of its derivatives. However, inheriting from System.ComponentModel.Component
does not eliminate the error message.
Is this the expected behavior? Is there another workaround which would
allow me to put non-visual, non-Control-derived C# classes on the web page?
I'm using v1.1 SP1 of the Framework.