Block Ctrl+O in a comcontrol

Started by malonep, September 05, 2013, 04:51:25 PM

Previous topic - Next topic

malonep

Hi,

I am displaying an html page in a comcontrol but the user is able to navigate away from that page if they hit Ctrl+O.  The problem is my exe is running with elevated permissions so, the user could navigate to another file and install something they shouldn't have access to.


How would I block the Ctrl+O, or display the dialog with lower permissions, etc.?

Thanks

stanl

There are ways to intercept keystrokes, but I'm not convinced it would be that efficient. If your script uses a dynamic dialog, you might store the comcontrol's title then set up a timer and if the title changes pop-up a warning and re-navigate to the original page.

td

Quote from: malonep on September 05, 2013, 04:51:25 PM
Hi,

I am displaying an html page in a comcontrol but the user is able to navigate away from that page if they hit Ctrl+O.  The problem is my exe is running with elevated permissions so, the user could navigate to another file and install something they shouldn't have access to.


How would I block the Ctrl+O, or display the dialog with lower permissions, etc.?

Thanks

Sounds like you are using the WebBrowser component to display your HTML.  You could switch to the MSHTML component to display your html which does not have the ctrl+O functionality.  Alternatively, you could add a navigate event handler to your dialog in a dialog callback procedure and block any navigation you do not wish the user to perform.

The WinBatch consolidated help file covers this topic but the coverage is a bit scattered and takes a bit to wrap the mind around.  There should be a few examples in the tech db (a link to the Tech Database is provided at the top of this page) that might make things easier to grasp.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

Deana

Turns out that the MSHTML COMCONTROL in the WIL dialogs will ignore those IE keystrokes.  Here is some sample code I came up with:


Code (winbatch) Select
#DefineSubRoutine InitDialogConstants()
   ;DialogprocOptions Constants
   MSG_INIT=0                    ; The one-time initialization
   MSG_TIMER=1                   ; Timer event
   MSG_BUTTONPUSHED=2            ; Pushbutton or Picturebutton
   MSG_RADIOPUSHED=3             ; Radiobutton clicked
   MSG_CHECKBOX=4                ; Checkbox clicked
   MSG_EDITBOX=5                 ; Editbox or Multilinebox
   MSG_FILESELECT=6              ; Filelistbox
   MSG_ITEMSELECT=7              ; Itembox
   MSG_COMBOCHANGE=8             ; Combobox/Droplistbox
   MSG_CALENDAR=9                ; Calendar date change
   MSG_SPINNER=10                ; Spinner number change
   MSG_CLOSEVIA49=11             ; Close clicked (Enabled via DialogProcOptions 1002
   MSG_FILEBOXDOUBLECLICK=12     ; Get double-click message on a FileListBox
   MSG_ITEMBOXDOUBLECLICK=13     ; Get double-click message on an ItemBox
   MSG_COMEVENT=14               ; COMCONTROL Event notification from DialogObject (NOT DialogProcOptions)
   MSG_MENUITEM=15               ; MenuItem selected
   MSG_MENUITEMINIT=16           ; MenuItem initialized
   MSG_RESIZE=17                 ; Dialog resized
   MSG_RVITEMSELROW=18           ; Reportview item select row
   MSG_RVDBLCLICKROW=19          ; Reportview double-click row
   MSG_RVCHECKEDITEM=20          ; Reportview checked/unchecked Item
   MSG_RVITEMTEXT=21             ; Reportview changed text of first column
   MSG_RVHEADER=22               ; Reportview header clicked

   DPO_DISABLESTATE=1000         ; codes -1=GetSetting 0=EnableDialog 1=DisableDialog
   DPO_CHANGEBACKGROUND=1001     ; -1=Get Current otherise bitmap or color string
   DPO_CHANGESYSMENU=1002        ; -1=Get Current 0=none 1=close 2=close/min 3=close/max 4=close/min/max
   DPO_CHANGETITLE=1003          ; Set/Get Dialog Title - (-1 to get)
   DPO_GETNAME=1004              ; Returns the name associated with a control's number.
   DPO_GETNUMBER=1005            ; Returns the number associated with a control's name.
   DPO_GETCLIENTAREA=1007        ; Returns a space delimited list of the width and height of the client area.

   ;DialogControlState Constants
   DCSTATE_SETFOCUS=1            ; Give Control Focus
   DCSTATE_QUERYSTYLE=2          ; Query control's style
   DCSTATE_ADDSTYLE=3            ; Add control style
   DCSTATE_REMOVESTYLE=4         ; Remove control style
   DCSTATE_GETFOCUS=5            ; Get control that has focus
   DCSTATE_MOVEMOUSEOVER=6       ; Move the mouse over the control

   DCSTYLE_DEFAULT=0             ; Set Default Style
   DCSTYLE_INVISIBLE=1           ; Set Control Invisible
   DCSTYLE_DISABLED=2            ; Set Control Disabled
   DCSTYLE_NOUSERDATA=4          ; Note: Setable via DialogControlState function ONLY SPINNER control only
   DCSTYLE_READONLY=8            ; Sets control to read-only (user cannot type in data) EDITBOX MULTILINEBOX SPINNER
   DCSTYLE_PASSWORD=16           ; Sets 'password mode' where only *'s are displayed EDITBOX
   DCSTYLE_DEFAULTBUTTON=32      ; Sets a button as the default button PUSHBUTTON PICTUREBUTTON
   DCSTYLE_DIGITSONLY=64         ; Set edit box to accept digits only EDITMOX MULTILINEBOX
   DCSTYLE_FLAT=128              ; Makes a 'flat' hyperlink-looking button PUSHBUTTON PICTUREBUTTON
   DCSTYLE_NOADJUST=256          ; Turns off auto-height adjustment  ITEMBOX FILELISTBOX
   DCSTYLE_TEXTCENTER=512        ; Center text in control VARYTEXT STATICTEXT
   DCSTYLE_TEXTRIGHT=1024        ; Flush-Right text in control VARYTEXT STATICTEXT
   DCSTYLE_NOSELCURLEFT=2048     ; No selection, cursor left EDITBOX MULTILINEBOX
   DCSTYLE_NOSELCURRIGHT=4096    ; No selection, cursor right EDITBOX MULTILINEBOX
   DCSTYLE_SHIELD=8192           ; Display Security Shield icon on button (Vista only) PUSHBUTTON PICTUREBUTTON
   DCSTYLE_MENUCHECK=32768       ; Adds a check mark to the left of a menu item MENUITEM
   DCSTYLE_MENURADIO=65536       ; Adds a radio button like dot graphic to the left of a menu item MENUITEM
   DCSTYLE_MENUSEP=131072        ; Separator bar graphic MENUITEM
   DCSTYLE_MENUBREAK=262144      ; Column break MENUBAR
   DCSTYLE_NOHEADER=524288       ; No header bar REPORTVIEW
   DCSTYLE_COLHEADER=1048576     ; First row column header REPORTVIEW
   DCSTYLE_GRIDLINES=2097152     ; Grid lines REPORTVIEW
   DCSTYLE_SELONEROW=4194304     ; Only one row can be selected at a time REPORTVIEW
   DCSTYLE_SELALLROW = 8388608   ; Highlight complete row REPORTVIEW
   DCSTYLE_SORTASC=16777216      ; Ascending sort REPORTVIEW
   DCSTYLE_SORTDESC=33554432     ; Descending sort REPORTVIEW
   DCSTYLE_EDITCOL=67108864      ; Edit first columns text REPORTVIEW
   DCSTYLE_COLCHECKBOX=134217728 ; Add checkbox to first column REPORTVIEW
   DCSTYLE_INSHEADER=268435456   ; Include column header text REPORTVIEW

   ;DialogControlSet / DialogControlGet Constants
   DC_CHECKBOX=1             ; CHECKBOX REPORTVIEW
   DC_RADIOBUTTON=2          ; RADIOBUTTON
   DC_EDITBOX=3              ; EDITBOX MULTILINEBOX
   DC_TITLE=4                ; PICTURE RADIOBUTTON CHECKBOX PICTUREBUTTON VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON MENUITEM
   DC_ITEMBOXCONTENTS=5      ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
   DC_ITEMBOXSELECT=6        ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
   DC_CALENDAR=7             ; CALENDAR
   DC_SPINNER=8              ; SPINNER
   DC_MULTITABSTOPS=9        ; MULTILINEBOX
   DC_ITEMSCROLLPOS=10       ; ITEMBOX FILELISTBOX
   DC_BACKGROUNDCOLOR=11     ; RADIOBUTTON CHECKBOX VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON ITEMBOX FILELISTBOX DROPLISTBOX SPINNER EDITBOX MULTILINEBOX REPORTVIEW
   DC_PICTUREBITMAP=12       ; PICTURE PICTUREBUTTON
   DC_TEXTCOLOR=13           ; RADIOBUTTON CHECKBOX VARYTEXT STATICTEXT GROUPBOX PUSHBUTTON ITEMBOX FILELISTBOX DROPLISTBOX SPINNER EDITBOX MULTILINEBOX REPORTVIEW
   DC_ITEMBOXADD=14          ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
   DC_ITEMBOXREMOVE=15       ; ITEMBOX FILELISTBOX DROPLISTBOX REPORTVIEW
   DC_RADIOVALUE=16          ; RADIOBUTTON
   DC_POSITION=17            ; ALL CONTROLS (Except MENUBAR and MENUITEM)
   DC_MENUNAMES=18           ; ALL CONTROLS
   DC_HANDLE=19              ; ALL CONTROLS (Except MENUBAR and MENUITEM)
   DC_RVCOLHEAD=20           ; REPORTVIEW
   DC_RVCOLWIDTH=21          ; REPORTVIEW
   DC_RVADDCOL=22            ; REPORTVIEW
   DC_RVREMOVECOL=23         ; REPORTVIEW
   DC_RVMATCHCOL=24          ; REPORTVIEW
   DC_RVCANCELEDIT=25        ; REPORTVIEW
   DC_RVCHECKEDROWS=26       ; REPORTVIEW
   DC_RVJUSTIFY=27           ; REPORTVIEW


   ;DialogObject constants
   DLGOBJECT_ADDEVENT=1      ; Call dialog callback when the specified event occurs
   DLGOBJECT_STOPEVENT=2     ; Stop calling dialog callback when an event previously requested with
   DLGOBJECT_GETOBJECT=3     ; Return an object references to the specified control
   DLGOBJECT_GETPICTURE=4    ; Create and return an object reference to a picture object

   ;Return code constants
   RET_DO_CANCEL=0           ; Cancels dialog
   RET_DO_DEFAULT= -1        ; Continue with default processing for control
   RET_DO_NOT_EXIT= -2       ; Do not exit the dialog
   return
#EndSubroutine

;============================================================
;============================================================
;============================================================

#DefineFunction NoKeyNavCallbackProc(NoKeyNav_Handle,NoKeyNav_Message,NoKeyNav_Name,NoKeyNav_EventInfo,NoKeyNav_ChangeInfo)
    InitDialogConstants()                                   ; Initialize Dialog Constants
   ON_EQUAL = @TRUE                                         ; Initialize variable ON_EQUAL
   switch NoKeyNav_Message                                  ; Switch based on Dialog Message type
      case MSG_INIT                                         ; Standard Initialization message
         ;DialogProcOptions(NoKeyNav_Handle,MSG_TIMER,1000)
         DialogProcOptions(NoKeyNav_Handle,MSG_BUTTONPUSHED,@TRUE)
         ;DialogObject(NoKeyNav_Handle, "ComControl_1", request-code, event-name/image-file, event-id )
         objMSHTML = DialogObject(NoKeyNav_Handle,"ComControl_1",DLGOBJECT_GETOBJECT)
         html = GetHTML('http://www.winbatch.com')
         objMSHTML.Writeln(html)

         return(RET_DO_DEFAULT)

     case MSG_BUTTONPUSHED
        if NoKeyNav_Name == "PushButton_OK"                ; OK
              return(RET_DO_DEFAULT)

        elseif NoKeyNav_Name == "PushButton_Cancel"        ; Cancel
              return(RET_DO_CANCEL)

        endif                                              ; NoKeyNav_Name
        return(RET_DO_DEFAULT)

     case MSG_COMEVENT                                     ; ID "ComControl_1"  MSHTML:
        return(RET_DO_DEFAULT)

   endswitch                                                ; NoKeyNav_Message
   return(RET_DO_DEFAULT)
#EndFunction                                                ; End of Dialog Callback NoKeyNavCallbackProc

#DefineFunction GetHTML(url)
   ;create simple HTTP request
   objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
   objWinHttp.Open("GET", url, @FALSE)
   objWinHttp.Send()
   objWinHttp.WaitForResponse()
   html = objWinHttp.ResponseText
   objWinHttp = 0
   Return html
#EndFunction


NoKeyNavFormat=`WWWDLGED,6.2`

NoKeyNavCaption=`Disable Keystroke Navigation`
NoKeyNavX=002
NoKeyNavY=059
NoKeyNavWidth=766
NoKeyNavHeight=353
NoKeyNavNumControls=004
NoKeyNavProcedure=`NoKeyNavCallbackProc`
NoKeyNavFont=`DEFAULT`
NoKeyNavTextColor=`DEFAULT`
NoKeyNavBackground=`DEFAULT,DEFAULT`
NoKeyNavConfig=0

NoKeyNav001=`231,333,036,012,PUSHBUTTON,"PushButton_OK",DEFAULT,"OK",1,10,32,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav002=`499,333,036,012,PUSHBUTTON,"PushButton_Cancel",DEFAULT,"Cancel",0,20,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav003=`015,029,728,298,COMCONTROL,"ComControl_1",DEFAULT,"MSHTML:",DEFAULT,30,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
NoKeyNav004=`161,009,404,012,STATICTEXT,"StaticText_1",DEFAULT,"IE keystrokes are ignored: ctrl+o, ctrl+t, ctrl+e",DEFAULT,40,512,"Microsoft Sans Serif|6656|70|34","255|0|0",DEFAULT`

ButtonPushed=Dialog("NoKeyNav")
Deana F.
Technical Support
Wilson WindowWare Inc.

malonep

Hi,

Your example does block the Ctrl+O but, it isn't showing pictures (local html files), where would I find information on a navigate event handler?

Thanks

Deana

I haven't been able to find a solution to handle those keystrokes using COM events. The WIL dialog currently supports disabling the context menu like this: http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/tsleft.web+WinBatch/Dialog~Editor/Dialog~Editor~version~6.X/COMCONTROL+Disable~the~Context~Menu~on~a~WebPage~in~Dialog.txt


WinBatch adds several properties to the programming models of Internet Explorer components. These properties give you additional control over the appearance and behavior of both the WebBrowser Control and the MSHTML component. The following properties are provided by WIL to modify the behavior and appearance of both of the WebBrowser Control and the MSHTML component.

QuoteScrollable
Set this property to @TRUE to allow the user to scroll the content displayed by the control. The user cannot scroll the content of the control when the property is set to @FALSE. When set to @TRUE scroll bars are displayed in the control. The default for this property is @TRUE.

FlatScrollBars
When this property is set to @TRUE control scrollbars have a flat appearance. This property has no effect unless the Scrollable property is set to @TRUE. The FlatScrollBars property is set to @FALSE by default.

ContextMenu
This property controls the display of context menus when a user right-clicks on the control. When set to @TRUE the controls context menu is displayed. When set to @FALSE a right-click has no effect. The default for this property is @TRUE.

ThreeDBorder
Use this property to control the appearance of the controls border. This property affects the displayed documents border and any framesets within the document. Set the property to @TRUE to turn on 3-D borders.  The default for this property is @FALSE.

I wonder if we might need to add a property to disable key accelerators.



Deana F.
Technical Support
Wilson WindowWare Inc.