Invoking a Client Program from IE

Original article

https://msdn.microsoft.com/en-us/library/aa767914.aspx#app_reg

Registering an Application to a URI Scheme

The About Asynchronous Pluggable Protocols article describes how to develop handlers for Uniform Resource Identifier (URI) schemes. In some cases, it may be desirable to invoke another application to handle a custom URI scheme. To do so, register the existing application as a URI pluggable protocol handler and associate it with the custom URI scheme. Once the application has successfully launched, it can use command-line parameters to retrieve the URI that launched it. These settings apply to pluggable protocol handlers launched from within Windows Internet Explorer and from Windows Explorer using the Run... command (Windows logo key+R).

Security Warning:  Applications that handle URI schemes must consider how to respond to malicious data. Because handler applications can receive data from untrusted sources, the URI and other parameter values passed to the application may contain malicious data that attempts to exploit the handling application.


Registering the Application Handling the Custom URI Scheme

To register an application to handle a particular URI scheme, add a new key, along with the appropriate subkeys and values, to HKEY_CLASSES_ROOT. The root key must match the URI scheme that is being added. For instance, to add an "alert:" scheme, add an alert key to HKEY_CLASSES_ROOT, as follows:

HKEY_CLASSES_ROOT
   alert
      URL Protocol = ""

Under this new key, the URL Protocol string value indicates that this key declares a custom pluggable protocol handler. Without this key, the handler application will not launch. The value should be an empty string.

Keys should also be added for DefaultIcon and shell. The Default string value of the DefaultIcon key must be the file name to use as an icon for this new URI scheme. The string takes the form "path, iconindex" with a maximum length of MAX_PATH. The name of the first key under the shell key should be an action verb, such as open. Under this key, a command key or a DDEEXEC key indicates how the handler should be invoked. The values under the command and DDEEXEC keys describe how to launch the application handling the new protocol.

Finally, the Default string value should contain the display name of the new URI scheme. The following example shows how to register an application, alert.exe in this case, to handle the alert scheme.

HKEY_CLASSES_ROOT
   alert
      (Default) = "URL:Alert Protocol"
      URL Protocol = ""
      DefaultIcon
         (Default) = "alert.exe,1"
      shell
         open
            command
               (Default) = "C:\Program Files\Alert\alert.exe" "%1"

When a user clicks a link containing your custom URI scheme, Windows Internet Explorer launches the pluggable protocol handler registered for that URI scheme. If the open command specified in the registry contains a %1 parameter, Internet Explorer passes the URI to the registered pluggable protocol handler application.

Launching the Handler

By adding the above settings to the registry, navigating to URIs such as alert:Hello%20World would cause an attempt to launch alert.exe with the complete URI on the command line. Internet Explorer percent-decodes the URI, but the Windows Run... command does not. If a URI contains percent-encoded spaces, it may be split across more than one argument on the command line.

For example, if the link above is followed through Internet Explorer, the command line would be:

"C:\Program Files\Alert\alert.exe" "alert:Hello World"

If this link is followed through Windows Explorer, the Windows Run command, or some other application, the command line would be:

"C:\Program Files\Alert\alert.exe" "alert:Hello%20World"

Because Internet Explorer will decode all percent-encoded octets in the URI before passing the resulting string to ShellExecute, URIs such as alert:%3F? will be given to the alert application pluggable protocol handler as alert:??. The handler won't know that the first question mark was percent-encoded. To avoid this issue, pluggable protocol handlers and their associated URI scheme must not rely on encoding. If encoding is necessary, protocol handlers should use another type of encoding that is compatible with URI syntax, such as Base64 encoding. Double percent-encoding is not a good solution either; if the application protocol URI isn't processed by Internet Explorer, it will not be decoded.
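The following is an added example, not part of the original article: it carries the payload as Base64 so the handler recovers the same text whether or not the launcher percent-decoded the URI. The URL-safe alphabet (- and _ instead of + and /, no padding), the 1024-character limit and the names AlertPayload, Encode and TryDecode are assumptions made for illustration.

```csharp
using System;
using System.Text;

// Added example: Base64 payload for the page's alert: scheme.
static class AlertPayload
{
    const string Scheme = "alert:";   // scheme name from the article's example

    // Builds an alert: URI whose payload contains only A-Z a-z 0-9 - _
    public static string Encode(string message)
    {
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(message));
        return Scheme + b64.TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for anything that is not a well-formed payload.
    public static bool TryDecode(string uri, out string message)
    {
        message = null;
        if (uri == null || !uri.StartsWith(Scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        string p = uri.Substring(Scheme.Length);
        if (p.Length == 0 || p.Length > 1024) return false;   // assumed length limit
        foreach (char c in p)
        {
            bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                      (c >= '0' && c <= '9') || c == '-' || c == '_';
            if (!ok) return false;   // rejects %, quotes, spaces and backslashes
        }
        if (p.Length % 4 == 1) return false;   // no Base64 string has this length
        string b64 = p.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        try
        {
            // Strict UTF-8 decoder: invalid byte sequences throw instead of being replaced.
            message = new UTF8Encoding(false, true).GetString(Convert.FromBase64String(b64));
            return true;
        }
        catch (FormatException) { return false; }     // malformed Base64
        catch (ArgumentException) { return false; }   // invalid UTF-8
    }

    static void Main()
    {
        string uri = Encode("Is it done? 100%");   // constructed sample message
        string msg;
        Console.WriteLine(uri);
        Console.WriteLine(TryDecode(uri, out msg) ? msg : "rejected");
        Console.WriteLine(TryDecode("alert:%3F?", out msg) ? msg : "rejected");
    }
}
```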

When ShellExecute executes the pluggable protocol handler with a string on the command line, any non-encoded spaces, quotes, and backslashes in the URI will be interpreted as part of the command line. This means that if you use C/C++'s argc and argv to determine the arguments passed to your application, the string may be broken across multiple parameters. To mitigate this issue:

  • Avoid spaces, quotes, or backslashes in your URI
  • Quote the %1 in the registration ("%1" as written in the 'alert' example registration)

However, avoidance doesn't completely solve the problem of quotes in the URI or a backslash at the end of the URI.

Security Issues

As noted above, the string that is passed to a pluggable protocol handler might be broken across multiple parameters. Malicious parties could use additional quote or backslash characters to pass additional command line parameters. For this reason, pluggable protocol handlers should assume that any parameters on the command line could come from malicious parties, and carefully validate them. Applications that could initiate dangerous actions based on external data must first confirm those actions with the user. In addition, handling applications should be tested with URIs that are overly long or contain unexpected (or undesirable) character sequences.

For more information, please see Writing Secure Code.

Example Pluggable Protocol Handler

The following sample code contains a simple C# console application demonstrating one way to implement a pluggable protocol handler for the alert URI scheme.

using System;
using System.Collections.Generic;
using System.Text;

namespace Alert
{
  class Program
  {
    static string ProcessInput(string s)
    {
       // TODO Verify and validate the input
       // string as appropriate for your application.
       return s;
    }

    static void Main(string[] args)
    {
      Console.WriteLine("Alert.exe invoked with the following parameters.\r\n");
      Console.WriteLine("Raw command-line: \n\t" + Environment.CommandLine);

      Console.WriteLine("\n\nArguments:\n");
      foreach (string s in args)
      {
        Console.WriteLine("\t" + ProcessInput(s));
      }
      Console.WriteLine("\nPress any key to continue...");
      Console.ReadKey();
    }
  }
}

When invoked with the URI alert:"Hello%20World" (note extra quotes) from Internet Explorer, the program responds with:

Alert.exe invoked with the following parameters.

Raw command-line:
        "C:\Program Files\Alert\alert.exe" "alert:"Hello World""

Arguments:

        alert:Hello
        World

Press any key to continue...
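The following is an added example, not part of the original article: one way to fill in the validation that the sample's ProcessInput leaves as a TODO, refusing any invocation where the URI arrived as more than one argument. The allow-list of characters, the 256-character limit and the names AlertHandler and TryGetPayload are assumptions; adjust them to what the application legitimately needs.

```csharp
using System;

// Added example: strict argument handling for the article's alert.exe handler.
static class AlertHandler
{
    const string Scheme = "alert:";   // scheme name from the article's example
    const int MaxPayload = 256;       // assumed limit; pick one that fits the application

    // Accepts only a single argument of the form alert:<payload>. Anything else,
    // including a URI that the command line split into several arguments, is refused.
    public static bool TryGetPayload(string[] args, out string payload, out string reason)
    {
        payload = null;
        reason = null;
        if (args == null || args.Length != 1)
        {
            reason = "expected exactly 1 argument, got " + (args == null ? 0 : args.Length);
            return false;
        }
        string uri = args[0];
        if (!uri.StartsWith(Scheme, StringComparison.OrdinalIgnoreCase))
        { reason = "not an alert: URI"; return false; }
        string p = uri.Substring(Scheme.Length);
        if (p.Length == 0 || p.Length > MaxPayload)
        { reason = "payload length out of range"; return false; }
        foreach (char c in p)
        {
            // Allow-list (assumed): letters, digits, space and a few punctuation marks.
            bool ok = char.IsLetterOrDigit(c) || " .,!?-_".IndexOf(c) >= 0;
            if (!ok)
            { reason = "disallowed character U+" + ((int)c).ToString("X4"); return false; }
        }
        payload = p;
        return true;
    }

    static int Main(string[] args)
    {
        string payload, reason;
        if (!TryGetPayload(args, out payload, out reason))
        {
            Console.Error.WriteLine("alert: request rejected (" + reason + ")");
            return 1;
        }
        Console.WriteLine("Alert text: " + payload);
        return 0;
    }
}
```

For the alert:"Hello%20World" invocation shown above, this handler receives two arguments and exits with the rejection message instead of acting on alert:Hello. Because % is not on the allow-list, a URI that arrives still percent-encoded (for example through the Run command) is also rejected.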

Time: 2024-10-10 05:53:13
