Using a Custom Internet Security Manager with MSXML
This topic shows how to implement a custom Internet security manager in C++.
To Implement a Custom Internet Security Manager
To provide your security manager implementation to MSXML, set your site object on DOM document objects that you create.
Create one or more IXMLDomDocument objects. This sample instantiates only a single object.
IXMLDOMDocument2 *pDOMDocument = NULL; hr = CoCreateInstance(DOMCLSID, NULL, CLSCTX_INPROC, IID_IXMLDOMDocument2, (LPVOID *)&pDOMDocument); if (FAILED(hr)) { // Perform error handling... }
Create an instance of the class that implements the security manager interfaces. In this example, we create a
CSiteImpl
type. ProvidesecureBaseURL
as a parameter to the constructor of theCSiteImpl
type:CSiteImpl * pSite = new CSiteImpl(secureBaseURL);
Set the action map for the
pSite
object. The ACTIONMAP structure contains a lookup table that represents security policies. Each entry in the table represents one policy for a specific URL security zone:ACTIONMAP actionMap[] = { ACTIONMAP(URLZONE_INTERNET, URLACTION_CROSS_DOMAIN_DATA, URLPOLICY_ALLOW), }; int nActionMapCount = sizeof(actionMap) / sizeof(ACTIONMAP); pSite->SetActionMap(pActionMap, nActionMapCount);
Set the zone map for the
pSite
object. In this example, we set ZONEMAP*pZoneMap
to NULL and intnZoneMapCount
to 0.pSite->SetZoneMap(pZoneMap, nZoneMapCount);
To make your
IXMLDomDocument
object safe, you have to mark it as safe and set the site object on it. The following code demonstrates how to mark yourIXMLDomDocument
object as safe:IObjectSafetyPtr pObjectSafety(pDOMDocument); if (pObjectSafety != NULL) { DWORD dwSafetyOpt = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA; hr = pObjectSafety->SetInterfaceSafetyOptions(IID_IUnknown, dwSafetyOpt, dwSafetyOpt); if(FAILED(hr)) { return hr; } }
Set the site object on your
IXMLDomDocument
object:IObjectWithSitePtr pObjectWithSite(pDOMDocument); if (pObjectWithSite != NULL) { hr = pObjectWithSite->SetSite(pSite); if (FAILED(hr)) { return hr; } }
See Also
Creating a Custom Internet Security Manager for MSXML 6.0
Custom Internet Security Manager Examples