cabyrc Posted September 24, 2014 Posted September 24, 2014 Hi all, I'm wondering, how can I create an embedded IE instance in my AutoIt application where I would have WSH disabled and no warnings shown when wsh is executed? Microsoft suggests the following: http://msdn.microsoft.com/en-us/library/ie/ms537182%28v=vs.85%29.aspx (Implementing a Custom Security Manager), but it's in C++. Is it anyhow possible with AutoIt? Thanks!
Anteaus Posted September 25, 2014 Posted September 25, 2014 I don't have a specific answer, but as a word of warning Microsoft are all too keen on doing this kind of thing where IE is given special priveleges to access the local filesystem. The issue is that it's hard to tell if there might be ways of exploiting it from external websites. I'd look for a safer method of implementing whatever it is you're doing.
cabyrc Posted September 25, 2014 Author Posted September 25, 2014 The way for sure exists, and I saw working C++ implementations. I know that it might sound insecure, but for my case this is the easiest and fastest way. And I don't think it's not really safe. I just need WSH script that would have some interactions with HTML. The html file will be a local one, and thus no real security issues.
Anteaus Posted September 25, 2014 Posted September 25, 2014 What matters is not what happens with a local file, but whether the security relaxation can be exploited by an external website. Can you be certain that is not the case?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now