PRB: Permission Denied Accessing Web Browser Control in HTMLLast reviewed: January 19, 1998Article ID: Q176789 |
The information in this article applies to:
SYMPTOMSWhen scripting a WebBrowser control that has been embedded in an HTML page, attempts to use any standard WebBrowser Control methods or properties fail with a "Permission Denied" scripting error.
CAUSEBecause of cross-frame security restrictions, any attempt to access the WebBrowser control from script automatically fails after the control has been set to browse a page in a different security context from the page hosting the control.
RESOLUTIONReplace any references to the WebBrowser control with an IFRAME tag. The IFRAME, for all intents and purposes, functions in the same manner as the WebBrowser control and can be positioned on a page. See the MORE INFORMATION below for an example of how to do this.
STATUSThis behavior is by design.
MORE INFORMATIONPlease note that this article discusses only the use of the WebBrowser control directly in an HTML page with the <OBJECT> tag and script.
Steps to Reproduce BehaviorThe following HTML page reproduces this problem:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub window_onload()
WebBrowser1.Navigate "http://www.microsoft.com"
end sub
Sub document_onmousedown()
WebBrowser1.Navigate "http://testserver1"
end sub
-->
</SCRIPT>
<TITLE>WebBrowser Control in HTML</TITLE>
</HEAD>
<BODY>
<OBJECT ID="WebBrowser1" WIDTH=332 HEIGHT=276
CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2">
<PARAM NAME="ExtentX" VALUE="8784">
<PARAM NAME="ExtentY" VALUE="7303">
<PARAM NAME="ViewMode" VALUE="1">
<PARAM NAME="Offline" VALUE="0">
<PARAM NAME="Silent" VALUE="0">
<PARAM NAME="RegisterAsBrowser" VALUE="0">
<PARAM NAME="RegisterAsDropTarget" VALUE="0">
<PARAM NAME="AutoArrange" VALUE="1">
<PARAM NAME="NoClientEdge" VALUE="1">
<PARAM NAME="AlignLeft" VALUE="0">
</OBJECT>
</BODY>
</HTML>
When this example page is loaded in Internet Explorer 4.0 (IE4), the
"window_onload" event handler navigates the embedded WebBrowser control to
"http://www.microsoft.com." Assuming that this example page is stored on
the local system and is accessed via "file://," the embedded WebBrowser
control is now hosting a document from a domain and protocol that is
different than the parent page. This is analogous to a using an IFRAME
inside an HTML page, where the IFRAME src property points to a document on
another domain.
At this point, unlike with an IFRAME, any and all script access to the "WebBrowser1" object fails with the "Permission Denied" message box. With an IFRAME, certain properties and methods are safe to use in a cross-frame security situation. If the "document_onmousedown" event is fired in the above example by clicking the mouse button on the page, Internet Explorer 4.0 displays a "Permission Denied" message box. Here is the preferred substitute HTML page that is roughly equivalent to the example above:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub window_onload()
window.frames(0).location.href = "http://www.microsoft.com"
end sub
Sub document_onmousedown()
window.frames(0).location.href = "http://testserver1"
end sub
-->
</SCRIPT>
<TITLE>WebBrowser Control in HTML</TITLE>
</HEAD>
<BODY>
<IFRAME ID="TestFrame1" WIDTH=332 HEIGHT=276>
</BODY>
</HTML>
In this example, the event handler for "document_onmousedown" succeeds
because cross-frame security permits setting the src property but not
reading it.
REFERENCESFor additional information about Cross-Frame Security, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q167796 TITLE : PRB: "Permission Denied" When Scripting Across Frames Keywords : AXSDKWebBrowser kbcode Technology : kbInetDev Version : WINDOWS:4.0,4.01 Platform : WINDOWS Issue type : kbprb |
================================================================================
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |