I believe I am having a security problem related to using the embed tag with a WebBrowser control in my C# 2008 WinForms application.
Here is my code:
private void button2_Click(object sender, EventArgs e)
{
webBrowser1.Navigate("C:/page1.html");
}
private void button1_Click(object sender, EventArgs e)
{
webBrowser1.Navigate("about:blank");
Thread.Sleep(1000);
webBrowser1.Document.Write("<html><body><p>Hello</p><embed src='C:/test.wmv' /></body></html>");
}
This is the contents of page1.html:
<html><body><p>Hello</p><embed src='C:/test.wmv' /></body></html>
Button1 generates the word "Hello". Button2 generates the word "Hello" with an embedded movie player below it.
When I view the sources for both pages I notice they are identical, except for the name of the source file.
This leads me to believe it is something to do with my IE security settings, but I notice that I have full permissions set for embedded content. Perhaps the control doesn't recognize the source of the page as proper and therefore doesn't allow the embed tag to be used.
How can I overcome this programatically? I want to avoid writing my page to file, and navigating to that file at all cost. Any suggestions on how to trick the browser control into working properly?
1st Editor:
According to this article Webbrowser Navigate Embedded Resource this will work, but I (JT) tried and it didn't:
System.IO.Stream stream = this.GetType().Assembly.GetManifestResourceStream("WindowsFormsApplication1.Properties.test.html");
webBrowser1.DocumentStream = stream;
Odd behavior while reproducing problem:
webBrowser1.Navigate("about:blank");
do
{
Thread.Sleep(100);
} while (webBrowser1.IsBusy == true);
//Method 1. Doesn't work
string htmlString1 = File.ReadAllText("C:/page1.html");
webBrowser1.Document.Write(htmlString1);
//Method 2. Doesn't work
string htmlString2 = "<html><body><p>Hello</p><embed src='C:/test.wmv' /></body></html>";
webBrowser1.Document.Write(htmlString2);
//Method 3. DOES WORK
webBrowser1.Document.Write("<html><body><p>Hello</p><embed src='C:/test.wmv' /></body></html>");
Edit 2
Here is an example of a page created with JavaScript, with no real source file, that does display the embedded player in IE:
<html><head>
<script language="JavaScript">
function go()
{
test1 = window.open("","","menubar=0,status=0,toolbar=0");
test1.document.writeln("<html><body><p>Hello</p><embed src='test.wmv' /></body></html>");
}
</script>
</head><body><h1 onclick="go()">click</h1></body></html>
The only difference here is that IE thinks the source of the HTML is a file, although, it is created by "writeln".
While it is popular opinion that IE does not support the tag, it does, and there are many examples proving it. Attempting with IE on jsfiddle.net in IE will yeild an embedded player, while in FF it will not.
Edit 3
This issue is related to cross-domain security. Not only do the newer versions of IE refuse to allow any changes to the domain of a page once it exists, the WebBrowser control doesn't let you write text to a document that already has text in it. Only the first call to Document.Write does anything. Not only is there no apparent way to force the domain of page, there is also no way to write anything new to a page with a domain that is set because "openNew", which is required in order to do any writing, opens about:blank and defaults to a null domain that causes exceptions if set or get is attempted.
Edit 4
The issue lies in Cross-Domain security shenanigans. See THIS IE8 decided that Document.Domain can't be written to. Even if it were writable, you can apparently never communicate between protocols. So the "file://" protocol, and the "about" protocol can't communicate, or have tags pointed at one another. Here are the stumbling blocks:
In conclusion, it is sufficient to say that you don't have any extra control over security with the WebBrowser control, likely even less than you have with some JavaScript generated pages (because these pages share the domain of the launch script).
Thanks for the votes/support in my endeavor, but it looks like I'm going to give up and write a page to file every time I want to change what is in the browser control. Yuck.
Definition and Usage. The <embed> tag defines a container for an external resource, such as a web page, a picture, a media player, or a plug-in application.
The WebBrowser control provides a managed wrapper for the WebBrowser ActiveX control. The managed wrapper lets you display Web pages in your Windows Forms client applications.
Although supported by the browsers, the <embed> is a deprecated HTML tag and is not part of the HTML4 standard.
To do so, right-click on the WebBrowser control, and select Properties. This action launches the Properties window. Feel free to set any properties you like. The Url property represents the web page a WebBrowser displays.
The issue lies in Cross-Domain security shenanigans. See THIS IE8 decided that Document.Domain can't be written to. Even if it were writable, you can apparently never communicate between protocols. So the "file://" protocol, and the "about" protocol can't communicate, or have tags pointed at one another. Here are the stumbling blocks:
In conclusion, it is sufficient to say that you don't have any extra control over security with the WebBrowser control, likely even less than you have with some JavaScript generated pages (because these pages share the domain of the launch script).
Thanks for the votes/support in my endeavor, but it looks like I'm going to give up and write a page to file every time I want to change what is in the browser control. Yuck.
@GorchestopherH thats a shame to hear the outcome. You might wish to put the 4th edit as an answer - it'd be a shame to loose the 50pts bounty altogether.
The other solution is another webbrowser control: http://code.google.com/p/geckofx/
Embeding Firefox Brower In C# Using GeckoFX
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With