Article ID: 249150
Article Last Modified on 10/16/2007
APPLIES TO
- Microsoft Internet Explorer 4.0 128-Bit Edition
- Microsoft Internet Explorer 4.01 Service Pack 2
- Microsoft Internet Explorer 4.01 Service Pack 1
- Microsoft Internet Explorer 4.01 Service Pack 2
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
This article was previously published under Q249150
SYMPTOMS
The Microsoft Rich TextBox control (Richtx32.ocx) does not function correctly when hosted in Internet Explorer. The Rich TextBox control fails to display in the Internet Explorer window when the control is installed on the computer.
CAUSE
The Rich TextBox control is not "safe" when used in Internet Explorer. Microsoft intentionally blocks this control for security reasons.
MORE INFORMATION
The Rich TextBox control is not "safe for scripting" because both the LoadFile and SaveFile methods allow a malicious script access to read, write, or change files on a user's local computer.
It is not "safe for initialization" because the Rich Text Format (RTF) specification allows for the embedding of potentially malicious OLE objects. Previous versions of the Rich TextBox control are incorrectly marked safe for scripting and initialization, and are blocked from running in Internet Explorer.
When you use the Rich TextBox control on a Web page, you must first wrap it in another Microsoft ActiveX control that does not expose the unsafe properties and methods. This wrapper control is then marked as safe when it is packaged for distribution.
Workaround
The following are two possible workarounds to achieve rich editing functionality on your Web page:
- Wrap the Rich TextBox control in another ActiveX control that does not expose the unsafe properties and methods. This wrapper control is marked as safe when it is packaged for distribution.
- Use the Dynamic Hypertext Markup Language (DHTML) Editing Component, if the RTF support is not necessary.
REFERENCES
For additional information, please see the following MSDN Web Workshop sites:
Safe initialization and scripting for ActiveX controls
http://msdn2.microsoft.com/en-us/library/Aa751977.aspx
Building ActiveX controls for Internet Explorer 4.0
http://msdn.microsoft.com/workshop/components/activex/buildax.asp
For more information, see the following Webcast:
Additional query words: richedit
Keywords: kbctrl kbprb kbsecurity KB249150