Script error invalid character using the WebBrowser control  
Author Message
John Veson





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

One of our applications was broken after installing IE7. We narrowed the problem down to the below:

WebBrowser browser = new WebBrowser();
browser.DocumentText = "<script src=\"file://c:\test\foo.js\"></script><p>test</p>";

This code works fine under IE6, but when running on IE7 you get the error:
Line: 2
Char:1
Error: Invalid Character
Code: 0
URL: about:blank

It doesn't matter what is in the foo.js file, it can be completely blank and you will get the error. If you replace the file://c:\test\foo.js with a valid http URL (Internet zone), it works fine. If you create a file with the contents and load it into the control using browser.Navigate() it also loads fine. So it seems related to security.

Any ideas This repros 100% on WinXP SP2 with IE7 Final.

Thanks,
John



Internet Explorer Development3  
 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

but what about getting the same error message here:

http://safety.live.com/site/en-US/scanner/default_scan.htm

i hope now we'll get faster an answer


 
 
JustinRogers





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

There are some new information disclosure fixes in IE 7 that disallow arbitrary usage of the file system for loading of scripts. There are several fixes available to get you up and running. First, don't use an internet zone page for the content, instead load a dummy HTML page from disk to put the browser control into the local machine zone. Then you can load from the local machine zone just fine.

The second is to show intent that you don't mind allowing web-sites arbitrary access to scripts on your local machine by setting a feature control key. Some applications don't load internet content and so aren't vulnerable and so the usage of the key is a valid fix:

HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT (registry key)

MyAppName.exe:DWORD(0x0) (registry value)

Hopefully one of these options is suitable for your scenario. We warn against setting the feature control key for your application unless you are sure that internet content is not going to be loaded by your application.


 
 
John Veson





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Justin -- thanks for the suggestion.

We tried the following:

WebBrowser browser = new WebBrowser();

browser.DocumentText = "<script src=\"file://c:\test\foo.js\"></script><p>test</p>"; // still yields same script error

We also added some code to make sure the navigate was complete before setting the DocumentText for good measure but that did not make a difference, we get the same script error.

It looks like when you do a document.write() it blows away the context altogether. As a host of the control, I would think there would be a programmatic way to control the zone security policy. Changing the registry is not really a good option since we also show some real web pages.

This seems like a very common scenario for MSHTML -- generate some dynamic content in memory which references scripts. I'm surprised this doesn't break applications like Money, etc. We really would like to avoid writing to a temporary file each time, although that does solve the problem.

Thanks,

John


 
 
JustinRogers





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

The document write may indeed blow away your context. But gaining access to the elements inside the body of the current document would not. Once you navigate, you can try to inject HTML into the document by getting the body element and doing an innerHTML call on that.

browser.Document.Body.InnerHtml seems to be the .NET syntax you'd want.

Is this a common scenario Well, yes and no. By adopting about:blank, you automatically get placed into the Internet zone in most cases (there are some exceptions). Controls want this to occur because they get more protection from the web in this mode which is why the .NET WebBrowser control behaves the way it does. Secure by default is our end goal in almost all cases.

Note, if you don't care about the dynamic scenario, you can always write to disk as well. I always put this out there just in case the application at hand warrants the approach. If you truly want dynamic page generation though, I think doing what you've done above, grabbing the body and injecting content will solve your problem.


 
 
Prabs Chavan





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

John

I am not sure whether this is relevant.

But I faced exactly the same problem you had described, and my problem was fixed after I added the about:blank to the trusted sites in IE7. Well this is not the best of the solutions but it solves the problem. I am working on devising an alternative solution for this. Thanks,

 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

It works for me too, Prabs, thanks a lot! But the problem now is I get all the time a security warning asking me if I allow the current Web page to open a site in my Trusted sites list which is, of course, about:blank
 
 
thedoc328





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Since going to IE-7 I encounter this message when I open some but not all of the logs in my Norton Internet Security suite. The problem with allowing all communication with URL about:blank is that about:blank is an infamous purveyor of malware. They are notorious especially but far from exclusively for homepage hijack exploits. They have numerous publications that include downloaders, Trojans, web trackers, etc. Questions: Why are we seeing this message How is it related to adopting IE-7 How do we fix it without allowing bad guys free access I can tell you that Norton Antivirus does not detect a problem, nor do eTrust Pest Patrol, Ad-aware, or SpySweeper.
 
 
Berriman





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

One way I fixed that error - about:blank

1.right click on the desktop - select properties

2. chose the desktop tab

3. click on the button customise desktop

4 select the web tab

5. click on the properties button

6. stay under the default settings -

7. web documents tab -then uncheck make this page available offline apply and ok

8. Then close out of all windows you have open

You will find that you are having no more problems with this any more

. PS. Hope this helps everyone thats still having problem!



 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Sorry, not in my case
 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

I did a clean reinstall of everything and now is working Twilight Zone...
 
 
dragon-monkey





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

I am still faced with the problem that I can not use the Windows Live OneCare safety scanner. How did you add the about:blank to the trusted sites in IE7

 
 
Jules H





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Hi,

Getting the same error but in a slightly different manner, it is happening for me when I try to set the browser URL to that of an Authorware .AAM file:

ie:
document.location=http://myserver/training/esa/esa010401/esa010401.aam

It works fine if I use IE7 with "myserver" in the list of IE's trusted sites but doesn't work in an application using the WebBrowser control.

The registry modifications suggested by Justin Rodgers does work, but is an unacceptable solution to my situation as the application with the WebBrowser control is already deployed to thousands of machines.

I'm really trying to find a solution that can be implemented on the server side.

Suggestions


 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Control Panel => Internet Options => Security tab => select "Trusted sites" => click on "Sites" button => Trusted sites window => "Add this website to the zone:" - write "about:blank" => click on "Add" button => click on "Close" button => click "OK" in Internet Properties window.

But, like I said, after a clean installation of Windows, I uninstalled IE6 from "Add/Remove Windows Components" and I installed IE7 and everything worked fine, I did not need this "solution" anymore.


 
 
arts284





PostPosted: Internet Explorer Extension Development, Script error invalid character using the WebBrowser control Top

Control Panel => Internet Options => Security tab => select "Trusted sites" => click on "Sites" button => Trusted sites window => "Add this website to the zone:" - write "about:blank" => click on "Add" button => click on "Close" button => click "OK" in Internet Properties window.

But, like I said, after a clean installation of Windows, I uninstalled IE6 from "Add/Remove Windows Components" and I installed IE7 and everything worked fine, I did not need this "solution" anymore, neither making My Home Page unavailable offline.