IObjectSafety接口

都说ActiveX危险，那么为什么XmlHttpRequest以及MediaPlayer都是用ActiveX的方式创建的，却没有问题？原来，这是因为这些ActiveX组件都声明自己是脚本安全的，而IE的中级安全设置上，是允许脚本安全的ActiveX创建，并且不予警告的。IE怎么知道一个插件是脚本安全的？它是通过以下两个办法。一是查询ActiveX组件是否实现了IObjectSafety接口，并且返回脚本安全；二是查询ActiveX组件是否在注册表的Component Category Manager里表明自己实现了CATID_SafeForInitializing和CATID_SafeForScripting。

 TFileService = class(TAutoObject, IFileService, IObjectSafety)
  private
    FObjectSafetyFlags: DWORD;

      { IObjectSafety }
    function GetInterfaceSafetyOptions(const IID: TIID; pdwSupportedOptions,
      pdwEnabledOptions: PDWORD): HResult; virtual; stdcall;
    function SetInterfaceSafetyOptions(const IID: TIID; dwOptionSetMask,
      dwEnabledOptions: DWORD): HResult; virtual; stdcall;

function TFileService.GetInterfaceSafetyOptions(const IID: TIID;
  pdwSupportedOptions, pdwEnabledOptions: PDWORD): HResult;
var
  Unk: IUnknown;
begin
  if (pdwSupportedOptions = nil) or (pdwEnabledOptions = nil) then
  begin
    Result := E_POINTER;
    Exit;
  end;
  Result := QueryInterface(IID, Unk);
  if Result = S_OK then
  begin
    pdwSupportedOptions^ := INTERFACESAFE_FOR_UNTRUSTED_CALLER or
    INTERFACESAFE_FOR_UNTRUSTED_DATA;
    pdwEnabledOptions^ := FObjectSafetyFlags and
    (INTERFACESAFE_FOR_UNTRUSTED_CALLER or INTERFACESAFE_FOR_UNTRUSTED_DATA);
  end
  else begin
    pdwSupportedOptions^ := 0;
    pdwEnabledOptions^ := 0;
  end;

end;

function TFileService.SetInterfaceSafetyOptions(const IID: TIID;
  dwOptionSetMask, dwEnabledOptions: DWORD): HResult;
var
  Unk: IUnknown;
begin
  Result := QueryInterface(IID, Unk);
  if Result <> S_OK then Exit;
  FObjectSafetyFlags := dwEnabledOptions and dwOptionSetMask;
end;