Stopping WebBrowser from navigating to local files. 

I have a custom webbrowser control. The user can surf the net as usual
but if they type c:\ in the navigation ComboBox, they can get to the root of
the WinNT box and subsequently any directory on the machine. What are my
possible solutions for this? Also if I block all access to the local
files, I still need to keep one directory available for supporting files,
i.e., local .html files and text files that are read at run-time.
Basically the entire file system needs to be invisible to the webbrowser
control except one folder, c:\supportFiles\

Thanks for any help

Jerry



Sun, 13 Oct 2002 03:00:00 GMT  
Maybe hard-code c:\supportFiles\ in the control and don't give them the
option to type in anything else?





Mon, 14 Oct 2002 03:00:00 GMT  
Hello,

I posted some code below. I found if I restrict the user from the get go,
I don't have a problem. Logically this works but I feel that I went
around the world to get to it. My concern is, what if there's something
included in the navigating in time? An example, "http_new://". If
something new comes out or I missed something, this browser will be
obsolete in time. Does anyone have a better logic to tackle this? Thanks
again.

Jerry

Here's the code:

Private Sub wbMain_BeforeNavigate2(index As Integer, ByVal pDisp As Object, _
    URL As Variant, Flags As Variant, TargetFrameName As Variant, _
    PostData As Variant, Headers As Variant, Cancel As Boolean)

    ' Each Left() length has to equal the length of the literal it is compared
    ' with, so the two local prefixes carry their trailing separator (16 and 24).
    If LCase(Left(URL, 16)) = "c:\source_files\" Or _
       LCase(Left(URL, 7)) = "http://" Or _
       LCase(Left(URL, 8)) = "https://" Or _
       LCase(Left(URL, 7)) = "mailto:" Or _
       LCase(Left(URL, 6)) = "ftp://" Or _
       LCase(Left(URL, 24)) = "file:///c:/source_files/" Or _
       LCase(Left(URL, 11)) = "javascript:" Then

        wb1.navigate URL
    Else
        ' Anything that matches none of the prefixes above is blocked.
        Cancel = True
    End If

End Sub






Mon, 14 Oct 2002 03:00:00 GMT  
Hello Jerry!

The trick is to check for unacceptable values.
You could try this:

Private Sub brwWebBrowser_BeforeNavigate2(ByVal pDisp As Object, _
    URL As Variant, Flags As Variant, TargetFrameName As Variant, _
    PostData As Variant, Headers As Variant, Cancel As Boolean)

Dim ValidPath As String

' Must be all lowercase because it is compared with LCase$() below.
ValidPath = "c:\supportfiles"  ' path in lowercase, no trailing \

If Dir$(URL, 31) <> "" Then  ' DIR Forced to match any type of file
    ' Navigation to filesystem attempted.
    ' Check if acceptable
    If LCase$(Left$(URL, Len(ValidPath))) <> ValidPath Then
        Cancel = True
    End If
End If

End Sub

Regards,

Sixto





Mon, 14 Oct 2002 03:00:00 GMT  
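
A default-deny version of the checks discussed in the posts above, as an added example that is not code from any poster in the thread. It denies unknown schemes such as "http_new://", collapses ".." segments before comparing, and matches the folder with its trailing backslash. The names SUPPORT_ROOT, IsNavigationAllowed and IsUnderSupportRoot, the scheme list, and the single (non-array) wbMain control are assumptions.

```vb
Option Explicit

' Added example. SUPPORT_ROOT and both function names are hypothetical.
Private Const SUPPORT_ROOT As String = "c:\supportfiles\"  ' lowercase, WITH trailing \

Private Sub wbMain_BeforeNavigate2(ByVal pDisp As Object, URL As Variant, _
        Flags As Variant, TargetFrameName As Variant, PostData As Variant, _
        Headers As Variant, Cancel As Boolean)
    ' Default deny: anything not explicitly recognised is cancelled.
    Cancel = Not IsNavigationAllowed(CStr(URL))
End Sub

Public Function IsNavigationAllowed(ByVal sUrl As String) As Boolean
    Dim sLower As String, sScheme As String, nColon As Long
    sLower = LCase$(Trim$(sUrl))
    nColon = InStr(sLower, ":")
    If nColon < 2 Then Exit Function               ' no scheme and no drive: deny
    sScheme = Left$(sLower, nColon - 1)
    Select Case sScheme
        Case "http", "https", "ftp", "mailto"      ' assumed allowlist of web schemes
            IsNavigationAllowed = True
        Case "file"
            IsNavigationAllowed = IsUnderSupportRoot(Mid$(sLower, nColon + 1))
        Case Else
            ' A one-letter "scheme" is a drive letter (c:\...).
            ' Everything else, "http_new" included, stays denied.
            If Len(sScheme) = 1 Then IsNavigationAllowed = IsUnderSupportRoot(sLower)
    End Select
End Function

Private Function IsUnderSupportRoot(ByVal sPath As String) As Boolean
    Dim sCanon As String
    If InStr(sPath, "%") > 0 Then Exit Function    ' refuse encoded paths rather than decode
    sPath = Replace(sPath, "/", "\")
    Do While Left$(sPath, 1) = "\"                 ' file:///c:/x becomes c:\x
        sPath = Mid$(sPath, 2)
    Loop
    ' Must be drive-rooted: rejects UNC (file://server/share) and relative paths.
    If Not sPath Like "[a-z]:\*" Then Exit Function
    ' GetAbsolutePathName collapses "." and ".." segments; the file need not exist.
    sCanon = LCase$(CreateObject("Scripting.FileSystemObject").GetAbsolutePathName(sPath))
    If Right$(sCanon, 1) <> "\" Then sCanon = sCanon & "\"
    ' Comparing against the root WITH its trailing \ rejects c:\supportfiles_old\...
    IsUnderSupportRoot = (Left$(sCanon, Len(SUPPORT_ROOT)) = SUPPORT_ROOT)
End Function
```

With these assumptions, c:\supportfiles\..\winnt\ and c:\supportfiles_old\x.html are both cancelled, while file:///c:/supportFiles/help.html is allowed.
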
You can put the allowed URLs in a config file or in a table. Have the
control read the file to check for valid URLs. If you want to change allowed
URLs later w/o recompiling, then just add/subtract from the config file or
table.

From the code below it looks like you want the control to be able to perform
most normal browsing functions + access a shared folder on your server by the
physical path name. So, you can keep the allowed physical path names on
file.

What happens when you tighten up security on the server? Do they still get
root access if they are not in the correct security group? If they don't
then you might not need to limit anything in your code. Just set the
permissions.

/Jason




Tue, 15 Oct 2002 03:00:00 GMT  