Re: mshtml
From: Gregor Sips (Sips_at_discussions.microsoft.com)
Date: 07/02/04
- Next message: Mike Becker: "PivotTable failed to connect to datasource"
- Previous message: Sascha Sertel: "OWC11 DataSource Misbehavior List (please explain how someone can program like this!)"
- In reply to: Alvin Bruney [MVP]: "Re: mshtml"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 2 Jul 2004 01:59:17 -0700
Thanks, I will try Javascript.
By the way, is there any documentation available on mshtml.dll ?
Gregor
"Alvin Bruney [MVP]" wrote:
> good point
>
> --
> Regards,
> Alvin Bruney
> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
> Got tidbits? Get it here... http://tinyurl.com/27cok
> "Sascha Sertel" <sascha@ninaza.com> wrote in message
> news:ODYgvB4XEHA.2364@TK2MSFTNGP12.phx.gbl...
> > Hi there,
> >
> >> that's a security concern you are dealing with. what if a virus could do
> >> what you are after. at midnight it fires a print with 10 million copies
> > and
> >> presses ok on the print dialog...
> >
> > I don't agree. While the security concern you are mentioning might be part
> > of it, I still consider it a pure inconvenience, and Microsoft is not
> > really
> > consistent with this kind of behavior. For example, it is possible with a
> > simple JavaScript or Python script to execute print functionality on any
> > Internet Explorer window. Here is a sample Python script that will
> > demonstrate what I mean:
> >
> > ------ Python Script start ---------
> >
> > import win32com.client
> > from time import sleep
> > # look in the makepy output for IE for the "CLSIDToClassMap"
> > # dictionary, and find the entry for "ShellWindows"
> > clsid = '{9BA05972-F6A8-11CF-A442-00A0C90A8F39}'
> >
> > # commands
> > OLECMDID_PRINT = 6
> > OLECMDEXECOPT_DONTPROMPTUSER = 2
> >
> > ShellWindows = win32com.client.Dispatch(clsid)
> >
> > # print the current IE document without prompting the user for the
> > printerdialog
> > ie = ShellWindows[1]
> >
> > ie.ExecWB(OLECMDID_PRINT,
> > OLECMDEXECOPT_DONTPROMPTUSER)
> >
> > ------ Python Script end ---------
> >
> >
> > If you execute the above script on a Python console, it will print the
> > contents of the first Internet Explorer window (the second actually, since
> > the index starts at 0, but the 0 window is usually the explorer instance
> > that is used for the taskbar etc.) without asking for anything. It's even
> > easier than a virus to put that on a webpage and have 1 million copies of
> > the webpage printed. The only thing which is not possible is to chose the
> > printer like that, it will always take the default printer.
> >
> > There are other examples, for instance Microsoft Outlook. Usually Outlook
> > will ask you if you want to allow access to another program if it tries to
> > access the inbox or send an email. But this is only true as long as you
> > use
> > a certain Outlook Application object. In the knowledgebase they explain
> > exactly that you can also use a different Outlook object which will not
> > ask
> > any questions and just execute what you want.
> >
> > As for Gregor's initial question, it's probably true that you cannot pass
> > that DONTPROMPTUSER value ther somehow, but if you can just open your HTML
> > document in an (invisible) Internet Explorer instance and use a mechanism
> > like shown above (it's also possible in JavaScript and VBScript) you
> > should
> > be able to print your HTML file without showing a print dialog.
> >
> > Sorry for the ranting, but security should be implemented through proper
> > authorization mechanisms, not through missing functionality.
> >
> > Sascha
> >
> >
>
>
>
- Next message: Mike Becker: "PivotTable failed to connect to datasource"
- Previous message: Sascha Sertel: "OWC11 DataSource Misbehavior List (please explain how someone can program like this!)"
- In reply to: Alvin Bruney [MVP]: "Re: mshtml"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
