Microsoft KB Archive/249150

From BetaArchive Wiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Knowledge Base


Article ID: 249150

Article Last Modified on 10/16/2007


APPLIES TO

  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 4.01 Service Pack 1
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5


This article was previously published under Q249150

SYMPTOMS

The Microsoft Rich TextBox control (Richtx32.ocx) does not function correctly when hosted in Internet Explorer. The Rich TextBox control fails to display in the Internet Explorer window when the control is installed on the computer.

CAUSE

The Rich TextBox control is not "safe" when used in Internet Explorer. Microsoft intentionally blocks this control for security reasons.

MORE INFORMATION

The Rich TextBox control is not "safe for scripting" because both the LoadFile and SaveFile methods allow a malicious script access to read, write, or change files on a user's local computer.

It is not "safe for initialization" because the Rich Text Format (RTF) specification allows for the embedding of potentially malicious OLE objects. Previous versions of the Rich TextBox control are incorrectly marked safe for scripting and initialization, and are blocked from running in Internet Explorer.

When you use the Rich TextBox control on a Web page, you must first wrap it in another Microsoft ActiveX control that does not expose the unsafe properties and methods. This wrapper control is then marked as safe when it is packaged for distribution.

Workaround

The following are two possible workarounds to achieve rich editing functionality on your Web page:

  • Wrap the Rich TextBox control in another ActiveX control that does not expose the unsafe properties and methods. This wrapper control is marked as safe when it is packaged for distribution.
  • Use the Dynamic Hypertext Markup Language (DHTML) Editing Component, if the RTF support is not necessary.


REFERENCES

For additional information, please see the following MSDN Web Workshop sites:

Safe initialization and scripting for ActiveX controls
http://msdn2.microsoft.com/en-us/library/Aa751977.aspx

Building ActiveX controls for Internet Explorer 4.0
http://msdn.microsoft.com/workshop/components/activex/buildax.asp


For more information, see the following Webcast:

How Does Internet Component Download Work?



Additional query words: richedit

Keywords: kbctrl kbprb kbsecurity KB249150



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/249150&oldid=376368
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki