Microsoft KB Archive/176789

= PRB: Permission Denied Accessing Web Browser Control in HTML =

Article ID: 176789

Article Last Modified on 3/16/2005

-

APPLIES TO


 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 4.01 Service Pack 2

-



This article was previously published under Q176789



SYMPTOMS
When scripting a WebBrowser control that has been embedded in an HTML page, attempts to use any standard WebBrowser Control methods or properties fail with a "Permission Denied" scripting error.



CAUSE
Because of cross-frame security restrictions, any attempt to access the WebBrowser control from script automatically fails after the control has been set to browse a page in a different security context from the page hosting the control.



RESOLUTION
Replace any references to the WebBrowser control with an IFRAME tag. The IFRAME, for all intents and purposes, functions in the same manner as the WebBrowser control and can be positioned on a page. See the MORE INFORMATION below for an example of how to do this.



STATUS
This behavior is by design.



MORE INFORMATION
Please note that this article discusses only the use of the WebBrowser control directly in an HTML page with the  tag and script.

Steps to Reproduce Behavior
The following HTML page reproduces this problem:        WebBrowser Control in HTML                     <PARAM NAME="ExtentX" VALUE="8784">         <PARAM NAME="ExtentY" VALUE="7303">         <PARAM NAME="ViewMode" VALUE="1">         <PARAM NAME="Offline" VALUE="0">         <PARAM NAME="Silent" VALUE="0">         <PARAM NAME="RegisterAsBrowser" VALUE="0">         <PARAM NAME="RegisterAsDropTarget" VALUE="0">         <PARAM NAME="AutoArrange" VALUE="1">         <PARAM NAME="NoClientEdge" VALUE="1">         <PARAM NAME="AlignLeft" VALUE="0">      </OBJECT>   </BODY>   </HTML> When this example page is loaded in Internet Explorer 4.0 (IE4), the "window_onload" event handler navigates the embedded WebBrowser control to:

http://www.microsoft.com.

Assuming that this example page is stored on the local system and is accessed via "file://," the embedded WebBrowser control is now hosting a document from a domain and protocol that is different than the parent page. This is analogous to using an IFRAME inside an HTML page, where the IFRAME src property points to a document on another domain.

At this point, unlike with an IFRAME, any and all script access to the "WebBrowser1" object fails with the "Permission Denied" message box. With an IFRAME, certain properties and methods are safe to use in a cross-frame security situation. If the "document_onmousedown" event is fired in the above example by clicking the mouse button on the page, Internet Explorer 4.0 displays a "Permission Denied" message box.

Here is the preferred substitute HTML page that is roughly equivalent to the example above:

<pre class="fixed_text">  <HTML>  <SCRIPT LANGUAGE="VBScript"> </SCRIPT> WebBrowser Control in HTML</TITLE> </HEAD> <BODY> <IFRAME ID="TestFrame1" WIDTH=332 HEIGHT=276> </BODY> </HTML> </WWCODE> In this example, the event handler for "document_onmousedown" succeeds because cross-frame security permits setting the src property but not reading it.

<div class="references_section">