In many software systems, access to certain objects may be restricted based on the context in which those objects are invoked. For example, a web browser, such as INTERNET EXPLORER® web browser provided by Microsoft Corporation, may restrict access to certain objects to implement a “security zone.” Scripts downloaded from the Internet may be allowed to execute in the security zone, but those scripts may be denied access to objects that could disrupt operation of a computer on which the web browser is installed. Having a security zone allows a computer user to download scripts from the Internet or other untrusted sources, while reducing the risk that such downloaded scripts, when executed on the computer, will cause damage either because they were inadvertently written improperly or maliciously written in a way to disrupt operation of the computer.
ActiveX® objects are one example of objects for which access may be restricted. A computer configured to execute scripts may contain multiple ActiveX® objects. Each ActiveX® object contains one or more interfaces. Each interface may have methods that can be called through the interface, allowing a script to call these methods to perform functions during execution of the script. Such functions may include presenting information on the display of the computer, accessing an e-mail system to send e-mail or altering files in the computer's file management system.
Some functions performed by ActiveX® objects, such as presenting output on a display of the computer, may generally be benign. Calls from a security zone on objects that expose only methods that perform such benign functions can be allowed. But other functions, such as accessing a file management system, can cause damage to a computer if used within a script improperly or for malicious purposes. When implementing a security zone, calls on objects that expose methods that perform such detrimental functions are not allowed.
A mechanism is provided to limit access to certain objects when invoked from a security zone. For ActiveX® objects, this mechanism is an optional restricted interface, called IObjectSafety. An ActiveX® object that implements this interface can respond to a query from a host program executing a script to indicate that it has a “safe mode” of operation and can be instantiated in safe mode. Once instantiated in safe mode, calls may be made on the object through any of its interfaces. It is the responsibility of the ActiveX object to ensure that, when running in safe mode, no unsafe methods may be called. This feature allows a web browser to implement a security zone by only creating instances of ActiveX® objects that support a safe mode of operation, and by instantiating all such objects in safe mode.
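As an added illustration (not code from this document, and not the real Windows COM headers), a small C++ model of the IObjectSafety negotiation described above: a hypothetical control reports that it supports safe mode, the host turns safe mode on before using it, and the control then refuses its detrimental method itself, as the text says it must. The option flag values match objsafe.h; the REFIID parameter and the rest of the COM plumbing are omitted.

```cpp
#include <cstdint>
#include <string>

// Portable stand-ins for the Win32 types and constants (real ones live in windows.h / objsafe.h).
typedef uint32_t DWORD;
typedef int32_t HRESULT;
const HRESULT S_OK = 0;
const HRESULT E_FAIL = HRESULT(0x80004005L);          // request not supported
const HRESULT E_ACCESSDENIED = HRESULT(0x80070005L);  // method refused in safe mode
const DWORD INTERFACESAFE_FOR_UNTRUSTED_CALLER = 0x1; // "safe for scripting"
const DWORD INTERFACESAFE_FOR_UNTRUSTED_DATA   = 0x2; // "safe for initialization"

// Hypothetical control that exposes one benign method and one detrimental method.
class FileTool {
    DWORD enabledOptions_ = 0;  // safety options the host has switched on
public:
    // Modelled on IObjectSafety::GetInterfaceSafetyOptions: what we support and what is on.
    HRESULT GetInterfaceSafetyOptions(DWORD* supported, DWORD* enabled) const {
        *supported = INTERFACESAFE_FOR_UNTRUSTED_CALLER;  // this object has a safe mode
        *enabled = enabledOptions_;
        return S_OK;
    }
    // Modelled on IObjectSafety::SetInterfaceSafetyOptions: host asks for safe mode.
    HRESULT SetInterfaceSafetyOptions(DWORD mask, DWORD enabled) {
        if (mask & ~INTERFACESAFE_FOR_UNTRUSTED_CALLER) return E_FAIL;  // option we do not offer
        enabledOptions_ = (enabledOptions_ & ~mask) | (enabled & mask);
        return S_OK;
    }
    bool safeMode() const { return (enabledOptions_ & INTERFACESAFE_FOR_UNTRUSTED_CALLER) != 0; }
    // Benign: allowed whether or not safe mode is on.
    std::string Greet() const { return "hello"; }
    // Detrimental: the object itself enforces the restriction once safe mode is on.
    HRESULT RemoveFile(const std::string&) { return safeMode() ? E_ACCESSDENIED : S_OK; }
};

// Host side of the exchange: accept a control into the security zone only if it reports
// safe mode, and enable safe mode before any script can call it.
bool HostActivateInZone(FileTool& obj) {
    DWORD supported = 0, enabled = 0;
    if (obj.GetInterfaceSafetyOptions(&supported, &enabled) != S_OK) return false;
    if (!(supported & INTERFACESAFE_FOR_UNTRUSTED_CALLER)) return false;  // no safe mode: reject
    return obj.SetInterfaceSafetyOptions(INTERFACESAFE_FOR_UNTRUSTED_CALLER,
                                         INTERFACESAFE_FOR_UNTRUSTED_CALLER) == S_OK;
}
```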