Our web application is a set of HTML and JavaScript files installed locally on a client machine and then transactions access our web servers. In normal circumstances, the domain security will prevent script access from a document in the internet domain
to a document on the local machine. Our application needs to have all such security restrictions removed and the following example is what worked for us. Essentially it associates all requests with one “scheme”, which in our case is “file:” since our web
pages are locally installed. “scheme” appears to be case sensitive at the time of this writing.
The number one issue that I’ve found with examples on the net is the lack of assigning the string length, which is the *pcbSecurityId parameter. I was not able to get our example to work without doing so. Just speculation, but it appears that IE expects to
find the 4 bytes at the offset of *pcbSecurityId by walking backwards.
Note: If you changed the scheme to be “http”, you would likely have to change the zone to the internet zone (URLZONE_INTERNET).
STDMETHODIMP MyIInternetSecurityManager::GetSecurityId(LPCWSTR pwszUrl, BYTE *pbSecurityId, DWORD *pcbSecurityId, DWORD_PTR dwReserved)
{
#define MY_SECURITY_DOMAIN "file:"
int cbSecurityDomain = strlen(MY_SECURITY_DOMAIN);
if (*pcbSecurityId >= MAX_SIZE_SECURITY_ID)
{
memset(pbSecurityId, 0, *pcbSecurityId);
strcpy((char*)pbSecurityId, MY_SECURITY_DOMAIN);
// Last 4 bytes are <URLZONE> and then 3 zeros.
pbSecurityId[ cbSecurityDomain + 1 ] = URLZONE_LOCAL_MACHINE;
pbSecurityId[ cbSecurityDomain + 2 ] = 0;
pbSecurityId[ cbSecurityDomain + 3 ] = 0;
pbSecurityId[ cbSecurityDomain + 4 ] = 0;
*pcbSecurityId = (DWORD) cbSecurityDomain + 4; // plus the 4 bytes from above.
}
return S_OK;
}
在我们用webbrowser控件访问服务器端返回的html 页面的时候,如果遇到框架内嵌的元素等访问。需要internet control和html object libray的支持。否则直接进行 mshtml访问的话,会提示拒绝等异常错误。
c#代码: HTMLDocument doc = (HTMLDocument)webBrowser1.Document.DomDocument;
object j;
for (int i = 0; i < doc.parentWindow.frames.length; i++)
{
j = i;
HTMLWindow2Class frame = doc.parentWindow.frames.item(ref j) as HTMLWindow2Class;
if (frame.name == "frame1")
{
MessageBox.Show(frame.document.title);
}
}
以上使用mshtml的动态链接库在iframe.name="framen1"这句会提示拒绝访问,解决方法vb6夸框架访问:
Private Function getFrames(ByVal WB As WebBrowser) As Object
Dim pContainer As olelib.IOleContainer
Dim pEnumerator As olelib.IEnumUnknown
Dim pUnk As olelib.IUnknown
Dim pBrowser As SHDocVwCtl.WebBrowser_V1
Set pContainer = WB.Object.Document
If pContainer.EnumObjects(OLECONTF_EMBEDDINGS, pEnumerator) = 0 Then
Set pContainer = Nothing
Do While pEnumerator.Next(1, pUnk) = 0
Set pBrowser = pUnk
If Err.Number = 0 Then
'Print "Frame: " & pBrowser.LocationURL
If pBrowser.LocationURL = "http://www.baidu.com/" Then '可以在这里加条件判断得到指定的frame,基本可以根据url或者innerHTML中的某个关键字符
Set getFrames = pBrowser
Exit Function
End If
End If
Loop
Set pEnumerator = Nothing
End If
End Function
以上基本可以访问跨域代码,当然前提是绕过ie的安全限制访问级别。另外以上代码需要Edanmo 的OLE interfaces &functions v1.81组件,VB本身有自带的,不过如果没有也可以下载一个或者CALL我。
通过以上即可登录百度新浪等网站进行空间文章发布等,不过百度新浪没有进一步提高安全性,通过webbrowser的框架访问即可赋值,代码如下:
webBrowser1.Document.Window.Frames["baidu_editor_0"].Document.Body.InnerHtml = "abagerfweqfqwfwqfwqe";
如果其本身框架内嵌套ID号形式的text文本方式框的话,即可用VB6.0框架访问。但是一般的用第一种方式即可。
olelib.tlb文件在非托管到托管过程中显现出一些警告的语句,在c#当中如果想要完全的运行完成貌似是不可能的,相关方案正在解决当中个。
Our web application is a set of HTML and JavaScript files installed locally on a client machine and then transactions access our web servers. In normal circumstances, the domain security will prevent script access from a document in the internet domain
to a document on the local machine. Our application needs to have all such security restrictions removed and the following example is what worked for us. Essentially it associates all requests with one “scheme”, which in our case is “file:” since our web
pages are locally installed. “scheme” appears to be case sensitive at the time of this writing.
The number one issue that I’ve found with examples on the net is the lack of assigning the string length, which is the *pcbSecurityId parameter. I was not able to get our example to work without doing so. Just speculation, but it appears that IE expects to
find the 4 bytes at the offset of *pcbSecurityId by walking backwards.
Note: If you changed the scheme to be “http”, you would likely have to change the zone to the internet zone (URLZONE_INTERNET).
STDMETHODIMP MyIInternetSecurityManager::GetSecurityId(LPCWSTR pwszUrl, BYTE *pbSecurityId, DWORD *pcbSecurityId, DWORD_PTR dwReserved)
{
#define MY_SECURITY_DOMAIN "file:"
int cbSecurityDomain = strlen(MY_SECURITY_DOMAIN);
if (*pcbSecurityId >= MAX_SIZE_SECURITY_ID)
{
memset(pbSecurityId, 0, *pcbSecurityId);
strcpy((char*)pbSecurityId, MY_SECURITY_DOMAIN);
// Last 4 bytes are <URLZONE> and then 3 zeros.
pbSecurityId[ cbSecurityDomain + 1 ] = URLZONE_LOCAL_MACHINE;
pbSecurityId[ cbSecurityDomain + 2 ] = 0;
pbSecurityId[ cbSecurityDomain + 3 ] = 0;
pbSecurityId[ cbSecurityDomain + 4 ] = 0;
*pcbSecurityId = (DWORD) cbSecurityDomain + 4; // plus the 4 bytes from above.
}
return S_OK;
}
http://msdn.microsoft.com/en-us/library/ms537122(v=vs.85).aspx