Loading an htmlfile object from text - how to disable embedded scripts ?

Discussion:

(too old to reply)

R.Wieser

2019-05-08 07:41:11 UTC

Hello all,

I'm trying to search thru a HTML string as if its a DOM document. For
that I create an "htmlfile" object and ".write" the string into it. So far,
so good. The problem is that I get a warning dialog asking me if I want
to run the embedded scripts in it. Which ofcourse I do not want and also
throws a wrench in the automation process (needs human intervention).

The full script looks like this:
Set oDOM = CreateObject("htmlfile")
oDOM.Write sData
oDOM.Close

Questions:

1) Where can I find documentation on the VBScript "htmlfile" object ?
Half an hours worth googeling for "htmlfile" plus a combination of other
keywords or even for the objects classid (taken from the registry) gets me
nowhere.

2) How do I tell it to ignore (not run) any-and-all active content (just
load the text for DOM parsing) ?

Regards,
Rudy Wieser

Mayayana

2019-05-08 12:50:07 UTC

Permalink

"R.Wieser" <***@not.available> wrote

| 1) Where can I find documentation on the VBScript "htmlfile" object ?
| Half an hours worth googeling for "htmlfile" plus a combination of other
| keywords or even for the objects classid (taken from the registry) gets me
| nowhere.
|

It's just a hack, giving you access to a loaded IE page
without explicitly instantiating IE. I don't know whether
you can access the parent window, events, etc in that
case. Maybe not.

Set doc = CreateObject("htmlfile")
MsgBox TypeName(doc)
Set doc = Nothing

| 2) How do I tell it to ignore (not run) any-and-all active content (just
| load the text for DOM parsing) ?
|

Remove the script before loading the string.

Function StripScript(StrIn)
Dim A1(), i2, LenStrIn, sChar, Pt1, iA, iNum, sNum
On Error Resume Next
LenStrIn = Len(StrIn)
ReDim A1(LenStrIn - 1)
i2 = 1
iA = 0
Do While i2 <= LenStrIn
Select Case sChar
Case "<"
If UCase(Mid(StrIn, i2 + 1, 6)) = "SCRIPT" Then
Pt1 = InStr(i2, StrIn, "</SCRIPT>", 1)
i2 = Pt1 + 8
A1(iA) = " "
Else
A1(iA) = "<"
End If
Case Else
A1(iA) = sChar
End Select
i2 = i2 + 1
iA = iA + 1
If i2 > LenStrIn Then Exit Do
Loop

StripScript = Join(A1, "")
End Function

R.Wieser

2019-05-08 16:29:36 UTC

Permalink

Mayayana,

Post by Mayayana
It's just a hack, giving you access to a loaded IE page
without explicitly instantiating IE.

I was not aware of that. But it explains why it tries to execute the
embedded scripts. Though when I put a simple 'MsgBox("foo")' in there
nothing showed.

Post by Mayayana
| 2) How do I tell it to ignore (not run) any-and-all active content (just
| load the text for DOM parsing) ?
Remove the script before loading the string.

I considered that too (just using replace() on the involved "<xxx" and
"</xxx" tags with something else should be enough) , but its not really the
way I want to go: Just missing one of the active things in the loaded HTML
string and either the whole thing blocks (waiting for my permission to run
the active content), or could try to do "weird stuff(tm)" on my 'puter (I do
not even know which security zone such HTML content is loaded in).

In short, without some documentation about it I'm up the creek without a
paddle. :-(

Regards,
Rudy Wieser

2019-05-08 14:17:42 UTC

Permalink

Post by R.Wieser
1) Where can I find documentation on the VBScript "htmlfile" object ?
Half an hours worth googeling for "htmlfile" plus a combination of other
keywords or even for the objects classid (taken from the registry) gets me
nowhere.

The "htmlfile" ProgID is actually the HTMLDocument object. It implements
IHTMLDocument, IHTMLDocument2...IHTMLDocument8 along with other interfaces.

Post by R.Wieser
2) How do I tell it to ignore (not run) any-and-all active content (just
load the text for DOM parsing) ?

HTMLDocument object doesn't run any script. It's only a representation of
the DOM, and adding/injecting SCRIPT elements won't execute the code it
contains, or load the external resource it referenced. The browser is not
involved on this matter.