Hi again,
FWIW, I have DQSD running inside a web browser control running inside a desk
band. Being sick is good for productivity :)
Here are the isolated issues I've observed with DQSD vs SP2:
1) InfoBar at startup
2) Popup windows get an InfoBar as well, or fail to show up
- Help window
- comx
- racetv
3) XmlHttp callers fail with Permission Denied
- httpinst
- comx
4) Running DQSD off the primary screen seems to trigger the Window
Restrictions of SP2
5) Apparently, the calendar is not showing - I have not been able to
repro this myself.
So, what I've done in my custom host is to implement
IInternetSecurityManager, which makes IE ask the host before it makes any
(well, we'll get into this later) security decisions. The way it currently
works is it lets any actions of the following types [1] pass through:
// These flags allow COM objects and client-side scripts to run
- URLACTION_ACTIVEX_RUN
- URLACTION_SCRIPT_RUN
// These flags are used to assume all objects/scripts are safe
- URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY
- URLACTION_SCRIPT_OVERRIDE_SAFETY
- URLACTION_SCRIPT_SAFE_ACTIVEX
// These flags allow posting forms from the local zone to the
internet zone
- URLACTION_HTML_SUBMIT_FORMS_FROM
- URLACTION_HTML_SUBMIT_FORMS_TO
// This last one allows arbitrary window positioning
- URLACTION_FEATURE_WINDOW_RESTRICTIONS
All others are treated with the system default. The cool thing about this is
that I'm only controlling the IE instance used to run the toolbar, all other
IE's are still under the supervision of XP.
This cleanly solves issues 1 and 4. I had huge problems with 3, but now it's
suddenly started working great. I'm not sure what I did to fix it, so I'm
not too optimistic about it yet.
Popup windows (2) are still a problem, since they end up in their own IE
instance, and so are subject to SP2 security (i.e. no scripting allowed).
I've tried adding mark-of-the-web to the help window, but that didn't help,
probably because it's created and generated from script entirely. We can
probably work around it in script, one way or another.
As for the calendar, it just seems to be working.
Do we have any other open issues I can try and repro with my current setup?
Kim
[1]
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/r
eference/constants/urlaction.asp
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
DQSD-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/dqsd-devel
