Step 7: Putting the Control on a Web Page

Your control is now finished. To see your control work in a real-world situation, put it on a Web page. When the ATL Object Wizard creates the initial control it also creates an HTML file that contains the control. You can open up the PolyCtl.htm file in Internet Explorer and you see your control on a Web page.

The control doesn't do anything yet, so change the Web page to respond to the events that you send. Open PolyCtl.htm in Visual C++ (if the file does not appear in FileView, select Open from the File menu to open the file) and add the lines in bold.

<HTML>
<HEAD>
<TITLE>ATL 3.0 test page for object PolyCtl</TITLE>
</HEAD>
<BODY>
<OBJECT ID="PolyCtl" <
 CLASSID="CLSID:4CBBC676-507F-11D0-B98B-000000000000">
>

</OBJECT>

<SCRIPT LANGUAGE="VBScript">

<!--

Sub PolyCtl_ClickIn(x, y)

   PolyCtl.Sides = PolyCtl.Sides + 1

End Sub

Sub PolyCtl_ClickOut(x, y)

   PolyCtl.Sides = PolyCtl.Sides - 1

End Sub

-->

</SCRIPT>

</BODY>

</HTML>

You have added some VBScript code that gets the Sides property from the control, and increases the number of sides by one if you click inside the control. If you click outside the control you reduce the number of sides by one.

Start up Internet Explorer and make sure your Security settings are set to Medium:

  1. Click Internet Options on the View menu.

  2. Select the Security tab and set the security to Medium, if necessary, then click OK.

Now open PolyCtl.htm in Internet Explorer. After you click on the control, a Security Alert dialog box informs you that Internet Explorer doesn't know if the control is safe to script.

What does this mean? Imagine if you had a control that, for example, displayed a file, but also had a Delete method that deleted a file. The control would be safe if you just viewed it on a page, but wouldn't be safe to script since someone could call the Delete method. This message is Internet Explorer's way of saying that it doesn't know if someone could do damage with this control, so it is asking the user.

You know your control is safe, so click Yes. Now click inside the polygon; the number of sides increases by one. Click outside the polygon to reduce the number of sides. If you try to reduce the number of sides below three, you will see the error message that you set.

The following figure shows the control running in Internet Explorer after you have clicked inside the polygon twice.

Since you know your control is always safe to script, it would be good to let Internet Explorer know, so that it doesn't need to show the Security Alert dialog box. You can do this through the IObjectSafety interface. ATL supplies an implementation of this interface in the class IObjectSafetyImpl.

To add the interface to your control, just add IObjectSafetyImpl to your list of inherited classes and add an entry for it in your COM map.

Add the following line to the end of the list of inherited classes in PolyCtl.h, remembering to add a comma to the previous line:

   public IObjectSafetyImpl<CPolyCtl, INTERFACESAFE_FOR_UNTRUSTED_CALLER>

Then add the following line to the COM map in PolyCtl.h:

   COM_INTERFACE_ENTRY(IObjectSafety)

Now build the control. Once the build has finished, open PolyCtl.htm in Internet Explorer again. This time the Web page should be displayed directly without the Safety Violation dialog box. Click inside and outside the polygon to confirm that the scripting is working.

Back to Step 6On to References