PRB: Hosting MSHTML With Scripting Activated Causes Instability (266343)



The information in this article applies to:

  • Microsoft Internet Explorer (Programming) 4.0
  • Microsoft Internet Explorer (Programming) 4.01
  • Microsoft Internet Explorer (Programming) 4.01 SP1
  • Microsoft Internet Explorer (Programming) 4.01 SP2
  • Microsoft Internet Explorer (Programming) 5
  • Microsoft Internet Explorer (Programming) 5.01
  • Microsoft Internet Explorer (Programming) 5.5

This article was previously published under Q266343

SYMPTOMS

Visual C++ developers often use the MSHTML component of Internet Explorer as an HTML parser without a user interface ("UI-less"). If script execution is turned on in this scenario, a number of problems can occur, including frequent host application failures.

CAUSE

MSHTML was never designed to handle this scenario, and Microsoft does not support such usage.

RESOLUTION

Microsoft recommends that developers always turn off script execution when they use MSHTML in this manner.

STATUS

This behavior is by design.

MORE INFORMATION

Script inside of an HTML page can greatly alter the page's document object model (DOM) through the insertion of nodes into the DOM and the use of such properties as innerHTML and outerHTML. Developers sometimes want to capture these changes by allowing script to execute in their UI-less parsers and trapping any calls made against the DOM.

There is no supported method under any hosting scenario to trap scripting calls against the DOM, other than the events that are generated by the documented DOM and WebBrowser Control event interfaces.

As shown in the WalkAll sample in the Platform SDK, UI-less MSHTML hosts should turn off script execution by responding to the DISPID_AMBIENT_DLCONTROL ambient property request with the proper response mask. (NOTE: In the code sample below, CApp is the object in the WalkAll sample that contains the MSHTML rendering engine.)

// MSHTML queries for the IDispatch interface of the host through the IOleClientSite
// interface that MSHTML is passed through its implementation of IOleObject::SetClientSite()
STDMETHODIMP CApp::Invoke(DISPID dispIdMember,
            REFIID riid,
            LCID lcid,
            WORD wFlags,
            DISPPARAMS __RPC_FAR *pDispParams,
            VARIANT __RPC_FAR *pVarResult,
            EXCEPINFO __RPC_FAR *pExcepInfo,
            UINT __RPC_FAR *puArgErr)
{
    // The ambient value is returned through pVarResult, so it must be valid
    if (!pVarResult) {
        return E_POINTER;
    }

    PrintDISPID(dispIdMember);
    switch (dispIdMember) {
    case DISPID_AMBIENT_DLCONTROL:
        // respond to this ambient to indicate that we only want to
        // download the page, but we don't want to run scripts,
        // Java applets, or ActiveX controls
        V_VT(pVarResult) = VT_I4;
        V_I4(pVarResult) =
            DLCTL_DOWNLOADONLY |
            DLCTL_NO_JAVA |
            DLCTL_NO_SCRIPTS |
            DLCTL_NO_DLACTIVEXCTLS |
            DLCTL_NO_RUNACTIVEXCTLS;
        break;
    default:
        return DISP_E_MEMBERNOTFOUND;
    }
    return NOERROR;
}

REFERENCES

For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:

Modification Type: Major
Last Reviewed: 5/11/2006
Keywords: kbMSHTML kbprb KB266343