How to develop (NPAPI) COM plugin for Chrome, Firefox, Safari [duplicate] - com

This question already has answers here:
How to write a browser plugin?
(4 answers)
Closed 9 years ago.
In my legacy web application I need to read user system registry from JS and do some other stuff. I cannot not use ActiveX for security reasons so I have written a plugin. My Plugin consists of a DLL file which is a COM component. This COM component exposes few functions which I call from Java Script code.
In IE I package my DLL in a CAB file and install it, say it's test.dll, in the following way:
<object classid="clsid:some class id here" codebase="test.cab" height="0" width="0" onError="testInstalled=false; return true;" id="testComp"></object>
The above HTML tag install the COM component as plugin in IE and Im able to access the exposed functions of the same from my JS code:
var testCompApp = document.testComp;
testCompApp.callSomeFunction();
It works fine in IE. I need the same functionality in other browsers(Chrome,Firefox, Safari)
Can you pls suggest how to develop plugins for other browsers using my DLL file?
Thanks,

I don't get it: First you say "I can't use ActiveX for security reasons", and then you do the same bad things that ActiveX does in all its dangerous glory: a CAB-packaged COM object running unrestricted native Win32.
How does doing that solve your security concerns with ActiveX?
Leaving aside for a minute the question of "security": if you are not doing "ActiveX" already, you're pretty close. I don't remember off the top of my head all the details of what goes into [the-IE-plug-in-architecture-that-shares-with-other-stuff-the-marketing-moniker-of] "ActiveX", but I think all you are missing to be called "ActiveX" is a few interfaces you must implement. I also suspect that by being shy of "ActiveX" you don't even get to sign your CAB with Authenticode, which would provide your users with a modicum of confidence (assuming you maintain proper controls and key management, and that your users trust you enough to allow your native code to run on their computers).
In any case, that DLL you wrote will only ever run in IE. There is no other browser that supports Win32 native COM objects (whether you choose to follow the ActiveX specification to the letter or not). If you want to do the same thing in other browsers, you are going to have to rewrite it with something else.
I think you have (at most) two options for doing what you want to do:
COM/ActiveX: Native Win32 code in a COM object. What you are doing now. This only works on IE and it's extremely dangerous for users, unless it's done in a controlled environment (e.g. if this is a commercial product to be distributed by an enterprise customer's IT department, or if you have an established presence and a reputation, like some large companies do).
Java:. This would run on all browsers assuming your users have the proper runtime installed and enabled. But it will only work for you if Java allows access to the information you seek via a sandbox-authorized method, because you can't call registry API's from the Java sandbox. The same goes for "the other stuff" you need the plug-in to do.
Ok, so you have a third option:
Reimplement the whole thing in something that is not tied to the browser: a native Windows executable; maybe in a downloadable installer or maybe a .NET program deployed via ClickOnce.
You are in a pickle: You are saying "I have security concerns with running ActiveX but I need to do something dangerous". Any piece of code downloadable and runnable by a web browser that is able to access the registry directly is - necessarily - a dangerous piece of code. Any conceivable technology that allows you to run such code from a browser will immediately elicit the very same security concerns that ActiveX elicits.
Indiscriminate access to the registry is out of the question from a modern browser sandboxed environment, so you either have to find a different source for the specific information you want, or you have to use ActiveX/COM running under IE.

Related

Tcl/Tk with WebKit?

Is it a realistic possibility to use WebKit (or any other available web engine) with Tcl/Tk to build the UI elements in a Tk top-level window based on HTML/CSS/JS?
I don't mean to build a web browser for viewing all internet content, but only to use it to display my content and store user input through interacting with a local SQLite database. I'd also like to be able to allow the user to update the database from a server when new information becomes available, but it is otherwise a desktop application requiring no connection to the internet.
I like Tk and may still use it only, but I'm having issues displaying multi-byte characters in RTL languages that I don't think can be resolved in the current version. I have this set up working as a web extension (which is mainly an application-specific UI library) using native-messaging to communicate with a C program compiled with the SQLite amalgamation file. It works fairly well, but I prefer to not have to depend on a web browser and have been trying to move it to Tcl/Tk.
Is this a stupid thought to consider a web engine, and I ought to just learn GTK or Qt, or perhaps Qt WebKit or WebKitGTK? I'm using Linux but would like it to work on Windows also.
Thank you.

Accessing dll from applet

I have a "proof of concept" piece of work that crosses over into some unfamiliar territory. I have some experience on J2EE technologies. I'm tasked with connecting an EFTPOS machine to an web application. I am planning to use applet to interact with dll. dll will be running on the client side.
I need to interact with one dll from web application. Please provide me any guidance on this, as I am new to it. I tried interacting with dll from standalone java program, but not able to connect from web application. Any sample codes will be very helpful for me.
Yes that is perfectly possible with an applet. I "connected" an electronice signing device before and it was working very well. Depening on what kind of .dll we are talking about here you need to do the following things:
1.) Create a java access layer / interface for your dll, so that you are able to call the dll functions from java. Depending what kind of dll we are talking about there are several possibilities. The base technology is JNI which is however quite cumbersome to use but luckily there are much more convienient ways out there:
use JNA (if it is a C dll)
use Jacob (if it is a COM component)
use bridj (if it is a c++ dll. You may try swig but haven't used that, so can't tell)
2.) Put your dll inside a jar file and distribute it alongside your applet. How this works is quite nicely described in the jacob project which provides an example for that. You can find it in the source package under jacob-1.17_src.zip\jacob-1.17\samples\com\jacob\samples\applet The example describes the JNLP way to access a native library which will work above java version 1.6.0_10. If you have to use a lower version for some reason, it is also possible but is slightly more tricky...
3.) One more side note: Since the latest available java version (1.7.0_51 or 1.6.0_71) due to security, some rules have been added or tightened for java applets. Now you have to sign your applet with an official certificate and set the right attributes/properties in the manifest, jnlp files. But this has been discussed in great detail here so just search for it. I would probably use a slightly older version for development and if that is working, figuring out how to make it work in the latest java version...
4.) Regarding the interaction part there are also several possibilities. Your Java Applet can call jscript methods from the website it is running in (or also the other way around) or the applet directly communicates with your server. You have all possibilities on that front...

Developing ActiveX control for Windows CE

I have a few questions on Windows CE.
1.Does Windows CE supports use of ActiveX objects in HTML page?
2.Can ActiveX controls be developed/written in .Net C# with Visual Studio 2008 for use on Windows CE 5.0 IE Browser?
3.Is it necessary to install .NET CF in handheld device?
The requirement is to get local information about the device(IP, hostname, etc.) from the html page. I am currently doing R&D to find out how to achieve this. What we thought of doing is to call a custom ActiveX dll from html file which will run locally on the hand held device to get the required information and pass it to the html page.
If anyone knows of other ways to achieve this then please share.
Thanks
Yes, the CE browser supports COM objects that implement IObjectSafety.
No. The controls must be written in C++. To make it even more fun, they must be compiled for the device OS and processor architecture. The reason you can't create them in .NET is because the Compact Framework doesn't support EE hosting, so native code cannot call managed code on a device (inside our outside a browser).
This is orthogonal since the answer to #2 is no.
There may be another way to achieve your goal, but it's not clear what the actual problem is to me. You have a page served up from the device that needs to show the IP address to a browser on the same device? How does that user get to that page? If it's from an app, you could have the app either report it directly or have the app get the IP and save it into an HTML page which you then browse to.
EDIT
Based on your comments, if your customer won't allow the install of the CF, then they likely aren't going to want you to install an ActiveX component either (and if you could do .NET components, it would have required the CF be installed, so your requirements would have precluded doing so even if it were supported).
Why not write a simple C program that does what your CF program does (i.e. saving device info to an HTML file) and that requires no additional framework installs?
If your HTML is being served from a webserver, then it already knows the IP address that it is talking to (i.e. there might be some proxies in the way, but if they're behaving, they can tell you who the remote client really is), so you might not need to install anything.
As for the version of Internet Explorer installed on CE 5, I don't believe it supports ActiveX at all, but you could install a .Net application instead of using a webpage to solicit information?

Is a scripting application allowed in the Windows Store?

So I have this bit of a project planned for Windows Store and Android. Basically, a networking multi-tool coupled with a scripting engine to implement protocols and behavior. Ideal uses being things like "my embedded device uses this simplistic network protocol. I'd like to quickly prototype a way to control it from my tablet".
It's my understanding that the Android market should have no problem with this. However, the Windows Store policy includes a vague clause concerning remote code execution
3.9 All app logic must originate from, and reside in, your app package Your app must not attempt to change or extend the packaged content
through any form of dynamic inclusion of code or data that changes how
the application interacts with the Windows Runtime, or behaves with
regard to Store policy. It is not permissible, for example, to
download a remote script and subsequently execute that script in the
local context of your app package.
Of course, the scripting engine will be sandboxed and such and should be "safe"(completely intepreted, no reflection), but does it violate this policy?
If you build in your scripting engine, and only run local scripts, you will be good. However, if you were thinking to have a repository of scripts that could be downloaded and subsequently run, that would be in violation of the policy as we understand it.
Unfortunately I don't think anyone but someone on that team can answer that (or someone with direct experience in that) because of the closeness to the legal language. Have you tried the Windows Store Appl Publishing forum at: http://social.msdn.microsoft.com/Forums/en-US/windowsstore/threads
In the context of scripting engine example given, unless the app modifies the scripting engine after deployment on user's system such that the representation of protocol/behavior (the script artifact's format) is made to change then it'll be policy violation. Its as if you submit Python interpreter, and at some point in time it abruptly moves onto interpreting ecmascript.

Suggestions on including the web browser control in VB.Net desktop application

I am writing a desktop app in VB.Net, and I'd like to include a web browser control to automate certain functions the user might have to perform in the browser. I have to render the page so I do not want to use the webrequest to make direct calls. When I publish the app, do I have to be concerned with which version of Internet Explorer the user has on their machine? Are their any third party, freely available, stable web browser controls available for VB.Net that people are using?
You could always ignore the whole IE issue and use the Mozilla engine embedded in your app:
geckofx
"An open-source component for
embedding Mozilla Gecko (Firefox) in
.NET applications."
http://code.google.com/p/geckofx/
Several versions of Visual Studio support web browser controls. Here is an article on how to implement one.
http://msdn.microsoft.com/en-us/library/system.windows.forms.webbrowser.aspx
The web browser control will work with different versions of Internet Explorer, but will be limited to the functionality supported by that version of Internet Explorer.
The article is based on Visual Studio 2008, but in the right corner of the article there are links, on how to use the web browser control, to earlier versions of Visual Studio.
If you embed the Webbrowser control in your application, what you're really doing is embedding a COM object. At runtime, your app will CoCreateInstance() the Webbrowser control, which will load it out of the version of SHDOCVW.DLL or IEFRAME.DLL that is currently on the machine. So, in plain English, you'll be getting the IE6, IE7 or IE8 Webbrowser control, depending on what is installed on the machine.
The practical differences, however, are minimal since the interfaces were published a long time ago and haven't changed over those versions. Differences in terms of different commands that some interfaces (such as IOleCommandTarget) support are abstracted away by the managed layer anyway, so you don't have to worry about that. The biggest difference will be rendering differences, since there is a huge delta in CSS conformance between IE6 and IE8. You'll have to test the various versions using Microsoft's app compat VHDs.
When I worked on the IE team application compatability wrt the Webbrowser control was a huge deal; the team works very hard to make sure that behavior doesn't regress for precisely this scenario—the custom enterprise VB app hosting the WebOC.
Though if you decide to go with an open-source solution to distribute with your app, may I suggest WebKit? Its layout engine is very good and the source code is pretty well maintained and easy to read, though you'll have to write your own managed hosting layer. The Gecko code is much harder to read and debug.