Killbit 是IE用来禁止ActiveX 运行的技术, 其表现上是一个注册表设置,在
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/<CLSID>
Compatability=值
这个Compatability是一个REG_DWORD类型的bitmask,每一个bit 都有一定的含义,具体请见下表(或者MSDN参考文档)
COMPAT_AGGREGATE = 0x00000001,
COMPAT_NO_OBJECTSAFETY = 0x00000002,
COMPAT_NO_PROPNOTIFYSINK = 0x00000004,
COMPAT_SEND_SHOW = 0x00000008,
COMPAT_SEND_HIDE = 0x00000010,
COMPAT_ALWAYS_INPLACEACTIVATE = 0x00000020,
COMPAT_NO_SETEXTENT = 0x00000040,
COMPAT_NO_UIACTIVATE = 0x00000080,
COMPAT_NO_QUICKACTIVATE = 0x00000100,
COMPAT_NO_BINDF_OFFLINEOPERATION = 0x00000200,
COMPAT_EVIL_DONT_LOAD = 0x00000400,
COMPAT_PROGSINK_UNTIL_ACTIVATED = 0x00000800,
COMPAT_USE_PROPBAG_AND_STREAM = 0x00001000,
COMPAT_DISABLEWINDOWLESS = 0x00002000,
COMPAT_SETWINDOWRGN = 0x00004000,
COMPAT_PRINTPLUGINSITE = 0x00008000,
COMPAT_INPLACEACTIVATEEVENWHENINVISIBLE = 0x00010000,
COMPAT_NEVERFOCUSSABLE = 0x00020000,
COMPAT_ALWAYSDEFERSETWINDOWRGN = 0x00040000,
COMPAT_INPLACEACTIVATESYNCHRONOUSLY = 0x00080000,
COMPAT_NEEDSZEROBASEDDRAWRECT = 0x00100000,
COMPAT_HWNDPRIVATE = 0x00200000,
COMPAT_SECURITYCHECKONREDIRECT = 0x00400000,
COMPAT_SAFEFOR_LOADING = 0x00800000
当0x400 那bit被设置的时候,该ActiveX 就会被IE彻底屏蔽。 我们把这个bit 称之为kill bit, 于是就有了killbit 这个技术名称 :)
例子:比如你想屏蔽一个GUID为{ABCDEF12-ABCD-ABCD-ABCD-ABCDEF123456} 的activex 控件,可以设置注册表:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{ABCDEF12-ABCD-ABCD-ABCD-ABCDEF123456}
Compatability=400
(以上400是16进制,10进制就设成1024)
更多的信息,请参考微软的KB文章: 《How to stop an ActiveX control from running in Internet Explorer》