PRB: Permission Denied Accessing Web Browser Control in HTML

Last reviewed: January 19, 1998
Article ID: Q176789
The information in this article applies to:
  • Internet Client SDK, versions 4.0, 4.01
  • Microsoft Internet Explorer (Programming), versions 4.0, 4.01

SYMPTOMS

When scripting a WebBrowser control that has been embedded in an HTML page, attempts to use any standard WebBrowser Control methods or properties fail with a "Permission Denied" scripting error.

CAUSE

Because of cross-frame security restrictions, any attempt to access the WebBrowser control from script automatically fails after the control has been set to browse a page in a different security context from the page hosting the control.

RESOLUTION

Replace any references to the WebBrowser control with an IFRAME tag. The IFRAME, for all intents and purposes, functions in the same manner as the WebBrowser control and can be positioned on a page. See the MORE INFORMATION below for an example of how to do this.

STATUS

This behavior is by design.

MORE INFORMATION

Please note that this article discusses only the use of the WebBrowser control directly in an HTML page with the <OBJECT> tag and script.

Steps to Reproduce Behavior

The following HTML page reproduces this problem:

   <HTML>
   <HEAD>
   <SCRIPT LANGUAGE="VBScript">
   <!--
   Sub window_onload()
      WebBrowser1.Navigate "http://www.microsoft.com"
   end sub

   Sub document_onmousedown()
      WebBrowser1.Navigate "http://testserver1"
   end sub
   -->
   </SCRIPT>
   <TITLE>WebBrowser Control in HTML</TITLE>
   </HEAD>
   <BODY>
      <OBJECT ID="WebBrowser1" WIDTH=332 HEIGHT=276
         CLASSID="CLSID:8856F961-340A-11D0-A96B-00C04FD705A2">
         <PARAM NAME="ExtentX" VALUE="8784">
         <PARAM NAME="ExtentY" VALUE="7303">
         <PARAM NAME="ViewMode" VALUE="1">
         <PARAM NAME="Offline" VALUE="0">
         <PARAM NAME="Silent" VALUE="0">
         <PARAM NAME="RegisterAsBrowser" VALUE="0">
         <PARAM NAME="RegisterAsDropTarget" VALUE="0">
         <PARAM NAME="AutoArrange" VALUE="1">
         <PARAM NAME="NoClientEdge" VALUE="1">
         <PARAM NAME="AlignLeft" VALUE="0">
      </OBJECT>
   </BODY>
   </HTML>

When this example page is loaded in Internet Explorer 4.0 (IE4), the "window_onload" event handler navigates the embedded WebBrowser control to "http://www.microsoft.com." Assuming that this example page is stored on the local system and is accessed via "file://," the embedded WebBrowser control is now hosting a document from a domain and protocol that is different than the parent page. This is analogous to a using an IFRAME inside an HTML page, where the IFRAME src property points to a document on another domain.

At this point, unlike with an IFRAME, any and all script access to the "WebBrowser1" object fails with the "Permission Denied" message box. With an IFRAME, certain properties and methods are safe to use in a cross-frame security situation. If the "document_onmousedown" event is fired in the above example by clicking the mouse button on the page, Internet Explorer 4.0 displays a "Permission Denied" message box.

Here is the preferred substitute HTML page that is roughly equivalent to the example above:

   <HTML>
   <HEAD>
   <SCRIPT LANGUAGE="VBScript">
   <!--
   Sub window_onload()
      window.frames(0).location.href = "http://www.microsoft.com"
   end sub

   Sub document_onmousedown()
      window.frames(0).location.href = "http://testserver1"
   end sub
   -->
   </SCRIPT>
   <TITLE>WebBrowser Control in HTML</TITLE>
   </HEAD>
   <BODY>
      <IFRAME ID="TestFrame1" WIDTH=332 HEIGHT=276>
   </BODY>
   </HTML>

In this example, the event handler for "document_onmousedown" succeeds because cross-frame security permits setting the src property but not reading it.

REFERENCES

For additional information about Cross-Frame Security, please see the following article in the Microsoft Knowledge Base:

   ARTICLE-ID: Q167796
   TITLE     : PRB: "Permission Denied" When Scripting Across Frames

Keywords          : AXSDKWebBrowser kbcode
Technology        : kbInetDev
Version           : WINDOWS:4.0,4.01
Platform          : WINDOWS
Issue type        : kbprb


================================================================================


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: January 19, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.