Hi,
I am displaying an html page in a comcontrol but the user is able to navigate away from that page if they hit Ctrl+O. The problem is my exe is running with elevated permissions so, the user could navigate to another file and install something they shouldn't have access to.
How would I block the Ctrl+O, or display the dialog with lower permissions, etc.?
Thanks
There are ways to intercept keystrokes, but I'm not convinced it would be that efficient. If your script uses a dynamic dialog, you might store the comcontrol's title then set up a timer and if the title changes pop-up a warning and re-navigate to the original page.
Quote from: malonep on September 05, 2013, 04:51:25 PM
Hi,
I am displaying an html page in a comcontrol but the user is able to navigate away from that page if they hit Ctrl+O. The problem is my exe is running with elevated permissions so, the user could navigate to another file and install something they shouldn't have access to.
How would I block the Ctrl+O, or display the dialog with lower permissions, etc.?
Thanks
Sounds like you are using the WebBrowser component to display your HTML. You could switch to the MSHTML component to display your html which does not have the ctrl+O functionality. Alternatively, you could add a navigate event handler to your dialog in a dialog callback procedure and block any navigation you do not wish the user to perform.
The WinBatch consolidated help file covers this topic but the coverage is a bit scattered and takes a bit to wrap the mind around. There should be a few examples in the tech db (a link to the Tech Database is provided at the top of this page) that might make things easier to grasp.
Turns out that the MSHTML COMCONTROL in the WIL dialogs will ignore those IE keystrokes. Here is some sample code I came up with:
#DefineSubRoutine InitDialogConstants()
;DialogprocOptions Constants
MSG_INIT=0 ; The one-time initialization
MSG_TIMER=1 ; Timer event
MSG_BUTTONPUSHED=2 ; Pushbutton or Picturebutton
MSG_RADIOPUSHED=3 ; Radiobutton clicked
MSG_CHECKBOX=4 ; Checkbox clicked
MSG_EDITBOX=5 ; Editbox or Multilinebox
MSG_FILESELECT=6 ; Filelistbox
MSG_ITEMSELECT=7 ; Itembox
MSG_COMBOCHANGE=8 ; Combobox/Droplistbox
MSG_CALENDAR=9 ; Calendar date change
MSG_SPINNER=10 ; Spinner number change
MSG_CLOSEVIA49=11 ; Close clicked (Enabled via DialogProcOptions 1002
MSG_FILEBOXDOUBLECLICK=12 ; Get double-click message on a FileListBox
MSG_ITEMBOXDOUBLECLICK=13 ; Get double-click message on an ItemBox
MSG_COMEVENT=14 ; COMCONTROL Event notification from DialogObject (NOT DialogProcOptions)
MSG_MENUITEM=15 ; MenuItem selected
MSG_MENUITEMINIT=16 ; MenuItem initialized
MSG_RESIZE=17 ; Dialog resized
MSG_RVITEMSELROW=18 ; Reportview item select row
MSG_RVDBLCLICKROW=19 ; Reportview double-click row
MSG_RVCHECKEDITEM=20 ; Reportview checked/unchecked Item
MSG_RVITEMTEXT=21 ; Reportview changed text of first column
MSG_RVHEADER=22 ; Reportview header clicked
DPO_DISABLESTATE=1000 ; codes -1=GetSetting 0=EnableDialog 1=DisableDialog
DPO_CHANGEBACKGROUND=1001 ; -1=Get Current otherise bitmap or color string
DPO_CHANGESYSMENU=1002 ; -1=Get Current 0=none 1=close 2=close/min 3=close/max 4=close/min/max
DPO_CHANGETITLE=1003 ; Set/Get Dialog Title - (-1 to get)
DPO_GETNAME=1004 ; Returns the name associated with a control's number.
DPO_GETNUMBER=1005 ; Returns the number associated with a control's name.
DPO_GETCLIENTAREA=1007 ; Returns a space delimited list of the width and height of the client area.
;DialogControlState Constants
DCSTATE_SETFOCUS=1 ; Give Control Focus
DCSTATE_QUERYSTYLE=2 ; Query control's style
DCSTATE_ADDSTYLE=3 ; Add control style
DCSTATE_REMOVESTYLE=4 ; Remove control style
DCSTATE_GETFOCUS=5 ; Get control that has focus
DCSTATE_MOVEMOUSEOVER=6 ; Move the mouse over the control
DCSTYLE_DEFAULT=0 ; Set Default Style
DCSTYLE_INVISIBLE=1 ; Set Control Invisible
DCSTYLE_DISABLED=2 ; Set Control Disabled
DCSTYLE_NOUSERDATA=4 ; Note: Setable via DialogControlState function ONLY SPINNER control only
DCSTYLE_READONLY=8 ; Sets control to read-only (user cannot type in data) EDITBOX MULTILINEBOX SPINNER
DCSTYLE_PASSWORD=16 ; Sets 'password mode' where only *'s are displayed EDITBOX
DCSTYLE_DEFAULTBUTTON=32 ; Sets a button as the default button PUSHBUTTON PICTUREBUTTON
DCSTYLE_DIGITSONLY=64 ; Set edit box to accept digits only EDITMOX MULTILINEBOX
DCSTYLE_FLAT=128 ; Makes a 'flat' hyperlink-looking button PUSHBUTTON PICTUREBUTTON
DCSTYLE_NOADJUST=256 ; Turns off auto-height adjustment ITEMBOX FILELISTBOX
DCSTYLE_TEXTCENTER=512 ; Center text in control VARYTEXT STATICTEXT
DCSTYLE_TEXTRIGHT=1024 ; Flush-Right text in control VARYTEXT STATICTEXT
DCSTYLE_NOSELCURLEFT=2048 ; No selection, cursor left EDITBOX MULTILINEBOX
DCSTYLE_NOSELCURRIGHT=4096 ; No selection, cursor right EDITBOX MULTILINEBOX
DCSTYLE_SHIELD=8192 ; Display Security Shield icon on button (Vista only) PUSHBUTTON PICTUREBUTTON
DCSTYLE_MENUCHECK=32768 ; Adds a check mark to the left of a menu item MENUITEM
DCSTYLE_MENURADIO=65536 ; Adds a radio button like dot graphic to the left of a menu item MENUITEM
DCSTYLE_MENUSEP=131072 ; Separator bar graphic MENUITEM
DCSTYLE_MENUBREAK=262144 ; Column break MENUBAR
DCSTYLE_NOHEADER=524288 ; No header bar REPORTVIEW
DCSTYLE_COLHEADER=1048576 ; First row column header REPORTVIEW
DCSTYLE_GRIDLINES=2097152 ; Grid lines REPORTVIEW
DCSTYLE_SELONEROW=4194304 ; Only one row can be selected at a time REPORTVIEW
DCSTYLE_SELALLROW = 8388608 ; Highlight complete row REPORTVIEW
DCSTYLE_SORTASC=16777216 ; Ascending sort REPORTVIEW
DCSTYLE_SORTDESC=33554432 ; Descending sort REPORTVIEW
DCSTYLE_EDITCOL=67108864 ; Edit first columns text REPORTVIEW
DCSTYLE_COLCHECKBOX=134217728 ; Add checkbox to first column REPORTVIEW
DCSTYLE_INSHEADER=268435456 ; Include column header text REPORTVIEW
;DialogControlSet / DialogControlGet Constants
DC_CHECKBOX=1 ; CHECKBOX REPORTVIEW
DC_RADIOBUTTON=2 ; RADIOBUTTON
DC_EDITBOX=3 ; EDITBOX MULTILINEBOX
DC_TITLE=4 ; PICTURE RADIOBUTTON CHECKBOX PICTUREBUTTON VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON MENUITEM
DC_ITEMBOXCONTENTS=5 ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
DC_ITEMBOXSELECT=6 ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
DC_CALENDAR=7 ; CALENDAR
DC_SPINNER=8 ; SPINNER
DC_MULTITABSTOPS=9 ; MULTILINEBOX
DC_ITEMSCROLLPOS=10 ; ITEMBOX FILELISTBOX
DC_BACKGROUNDCOLOR=11 ; RADIOBUTTON CHECKBOX VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON ITEMBOX FILELISTBOX DROPLISTBOX SPINNER EDITBOX MULTILINEBOX REPORTVIEW
DC_PICTUREBITMAP=12 ; PICTURE PICTUREBUTTON
DC_TEXTCOLOR=13 ; RADIOBUTTON CHECKBOX VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON ITEMBOX FILELISTBOX DROPLISTBOX SPINNER EDITBOX MULTILINEBOX REPORTVIEW
DC_ITEMBOXADD=14 ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
DC_ITEMBOXREMOVE=15 ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
DC_RADIOVALUE=16 ; RADIOBUTTON
DC_POSITION=17 ; ALL CONTROLS (Except MENUBAR and MENUITEM)
DC_MENUNAMES=18 ; ALL CONTROLS
DC_HANDLE=19 ; ALL CONTROLS (Except MENUBAR and MENUITEM)
DC_RVCOLHEAD=20 ; REPORTVIEW
DC_RVCOLWIDTH=21 ; REPORTVIEW
DC_RVADDCOL=22 ; REPORTVIEW
DC_RVREMOVECOL=23 ; REPORTVIEW
DC_RVMATCHCOL=24 ; REPORTVIEW
DC_RVCANCELEDIT=25 ; REPORTVIEW
DC_RVCHECKEDROWS=26 ; REPORTVIEW
DC_RVJUSTIFY=27 ; REPORTVIEW
;DialogObject constants
DLGOBJECT_ADDEVENT=1 ; Call dialog callback when the specified event occurs
DLGOBJECT_STOPEVENT=2 ; Stop calling dialog callback when an event previously requested with
DLGOBJECT_GETOBJECT=3 ; Return an object references to the specified control
DLGOBJECT_GETPICTURE=4 ; Create and return an object reference to a picture object
;Return code constants
RET_DO_CANCEL=0 ; Cancels dialog
RET_DO_DEFAULT= -1 ; Continue with default processing for control
RET_DO_NOT_EXIT= -2 ; Do not exit the dialog
return
#EndSubroutine
;============================================================
;============================================================
;============================================================
#DefineFunction NoKeyNavCallbackProc(NoKeyNav_Handle,NoKeyNav_Message,NoKeyNav_Name,NoKeyNav_EventInfo,NoKeyNav_ChangeInfo)
InitDialogConstants() ; Initialize Dialog Constants
ON_EQUAL = @TRUE ; Initialize variable ON_EQUAL
switch NoKeyNav_Message ; Switch based on Dialog Message type
case MSG_INIT ; Standard Initialization message
;DialogProcOptions(NoKeyNav_Handle,MSG_TIMER,1000)
DialogProcOptions(NoKeyNav_Handle,MSG_BUTTONPUSHED,@TRUE)
;DialogObject(NoKeyNav_Handle, "ComControl_1", request-code, event-name/image-file, event-id )
objMSHTML = DialogObject(NoKeyNav_Handle,"ComControl_1",DLGOBJECT_GETOBJECT)
html = GetHTML('http://www.winbatch.com')
objMSHTML.Writeln(html)
return(RET_DO_DEFAULT)
case MSG_BUTTONPUSHED
if NoKeyNav_Name == "PushButton_OK" ; OK
return(RET_DO_DEFAULT)
elseif NoKeyNav_Name == "PushButton_Cancel" ; Cancel
return(RET_DO_CANCEL)
endif ; NoKeyNav_Name
return(RET_DO_DEFAULT)
case MSG_COMEVENT ; ID "ComControl_1" MSHTML:
return(RET_DO_DEFAULT)
endswitch ; NoKeyNav_Message
return(RET_DO_DEFAULT)
#EndFunction ; End of Dialog Callback NoKeyNavCallbackProc
#DefineFunction GetHTML(url)
;create simple HTTP request
objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
objWinHttp.Open("GET", url, @FALSE)
objWinHttp.Send()
objWinHttp.WaitForResponse()
html = objWinHttp.ResponseText
objWinHttp = 0
Return html
#EndFunction
NoKeyNavFormat=`WWWDLGED,6.2`
NoKeyNavCaption=`Disable Keystroke Navigation`
NoKeyNavX=002
NoKeyNavY=059
NoKeyNavWidth=766
NoKeyNavHeight=353
NoKeyNavNumControls=004
NoKeyNavProcedure=`NoKeyNavCallbackProc`
NoKeyNavFont=`DEFAULT`
NoKeyNavTextColor=`DEFAULT`
NoKeyNavBackground=`DEFAULT,DEFAULT`
NoKeyNavConfig=0
NoKeyNav001=`231,333,036,012,PUSHBUTTON,"PushButton_OK",DEFAULT,"OK",1,10,32,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav002=`499,333,036,012,PUSHBUTTON,"PushButton_Cancel",DEFAULT,"Cancel",0,20,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav003=`015,029,728,298,COMCONTROL,"ComControl_1",DEFAULT,"MSHTML:",DEFAULT,30,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav004=`161,009,404,012,STATICTEXT,"StaticText_1",DEFAULT,"IE keystrokes are ignored: ctrl+o, ctrl+t, ctrl+e",DEFAULT,40,512,"Microsoft Sans Serif|6656|70|34","255|0|0",DEFAULT`
ButtonPushed=Dialog("NoKeyNav")
Hi,
Your example does block the Ctrl+O but, it isn't showing pictures (local html files), where would I find information on a navigate event handler?
Thanks
I haven't been able to find a solution to handle those keystrokes using COM events. The WIL dialog currently supports disabling the context menu like this: http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/tsleft.web+WinBatch/Dialog~Editor/Dialog~Editor~version~6.X/COMCONTROL+Disable~the~Context~Menu~on~a~WebPage~in~Dialog.txt
WinBatch adds several properties to the programming models of Internet Explorer components. These properties give you additional control over the appearance and behavior of both the WebBrowser Control and the MSHTML component. The following properties are provided by WIL to modify the behavior and appearance of both of the WebBrowser Control and the MSHTML component.
QuoteScrollable
Set this property to @TRUE to allow the user to scroll the content displayed by the control. The user cannot scroll the content of the control when the property is set to @FALSE. When set to @TRUE scroll bars are displayed in the control. The default for this property is @TRUE.
FlatScrollBars
When this property is set to @TRUE control scrollbars have a flat appearance. This property has no effect unless the Scrollable property is set to @TRUE. The FlatScrollBars property is set to @FALSE by default.
ContextMenu
This property controls the display of context menus when a user right-clicks on the control. When set to @TRUE the controls context menu is displayed. When set to @FALSE a right-click has no effect. The default for this property is @TRUE.
ThreeDBorder
Use this property to control the appearance of the controls border. This property affects the displayed documents border and any framesets within the document. Set the property to @TRUE to turn on 3-D borders. The default for this property is @FALSE.
I wonder if we might need to add a property to disable key accelerators.