Article ID: 318426 - Last Review: October 25, 2006 - Revision: 3.0

FIX: Security Patch (Q316059) Crashes Internet Explorer When You Call execScript

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q318426

On This Page

Expand all | Collapse all

SYMPTOMS

When you call execScript within a parent frame from a child frame, Internet Explorer stops responding (crashes). This occurs after you apply the "February 11, 2002 Cumulative Patch for Internet Explorer", which is available in the following Microsoft Knowledge Base article:
316059  (http://support.microsoft.com/kb/316059/EN-US/ ) MS02-005: February 11, 2002, Cumulative Patch for Internet Explorer
Back to the top

RESOLUTION

To resolve this problem, obtain the latest service pack for Internet Explorer 6. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
328548  (http://support.microsoft.com/kb/328548/EN-US/ ) How to Obtain the Latest Internet Explorer 6 Service Pack
This problem no longer occurs in the "March 28, 2002, Cumulative Patch for Internet Explorer". For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:
319182  (http://support.microsoft.com/kb/319182/EN-US/ ) MS02-015: March 28, 2002, Cumulative Patch for Internet Explorer
Back to the top

WORKAROUND

To work around this problem with the "February 11, 2002 Cumulative Patch for Internet Explorer", use one of the methods to follow.

NOTE: The following workarounds use the HTML files from the "More Information" section.

Change the Script to Call the Function Directly

In script, replace the following code 
window.parent.execScript('test()');
with: 
window.parent.test();

Change the Visual C++ Code to Call the Function Directly

In Microsoft Visual C++, replace the code to call execScript (which is implemented in CallExecScript) with the code to call the script method directly (which is implemented in CallDirect): 
window.parent.test();void CCplusworkaroundCtrl::OnLButtonDown(UINT nFlags, CPoint point) 
{
	HRESULT hr = S_OK;

	IServiceProvider* pServiceProvider = NULL;
	hr = m_pClientSite->QueryInterface(IID_IServiceProvider, (void**)&pServiceProvider);
	ASSERT(SUCCEEDED(hr) && pServiceProvider);

	IWebBrowser2* pWebBrowser2 = NULL;
	hr = pServiceProvider->QueryService(SID_SWebBrowserApp, IID_IWebBrowser2, (void**)&pWebBrowser2);
	ASSERT(SUCCEEDED(hr) && pWebBrowser2);

	IDispatch* pDocDisp = NULL;
	hr = pWebBrowser2->get_Document(&pDocDisp);
	ASSERT(SUCCEEDED(hr) && pDocDisp);

	IHTMLDocument2* pDocument2 = NULL;
	hr = pDocDisp->QueryInterface(IID_IHTMLDocument2, (void**)&pDocument2);
	ASSERT(SUCCEEDED(hr) && pDocument2);

	IHTMLWindow2* pWindow2 = NULL;
	hr = pDocument2->get_parentWindow(&pWindow2);
	ASSERT(SUCCEEDED(hr) && pWindow2);

	IHTMLWindow2* pWindowTop = NULL;
	hr = pWindow2->get_top(&pWindowTop);
	ASSERT(SUCCEEDED(hr) && pWindowTop);

	CallDirect(pWindowTop);
	CallExecScript(pWindowTop);

	pWindowTop->Release();
	pWindow2->Release();
	pDocument2->Release();
	pDocDisp->Release();
	pWebBrowser2->Release();
	pServiceProvider->Release();
}

void CCplusworkaroundCtrl::CallExecScript(IHTMLWindow2* pWindow2)
{
	ASSERT(pWindow2);
	HRESULT hr = S_OK;

	BSTR bstrCode = ::SysAllocString(L"test()");
	BSTR bstrLanguage = ::SysAllocString(L"vbscript");

	COleVariant ret;
	hr = pWindow2->execScript(bstrCode, bstrLanguage, &ret);
	
	::SysFreeString(bstrLanguage);
	::SysFreeString(bstrCode);
}

void CCplusworkaroundCtrl::CallDirect(IHTMLWindow2* pWindow2)
{
	DISPID dispidScriptObject, dispidMethodToInvoke;
	IDispatch *pDispScriptObject;
	DISPPARAMS dispparamsNoArgs = { NULL, NULL, 0, 0};
	HRESULT hr;
	OLECHAR *szScript = L"script";
	OLECHAR *szFuncName = L"test";
	
	IHTMLDocument2* pDocument2 = NULL;
	hr = pWindow2->get_document(&pDocument2);
	ASSERT(SUCCEEDED(hr) && pDocument2);

	IDispatch* pDocDisp = NULL;

	hr = pDocument2->QueryInterface(IID_IDispatch, (void**)&pDocDisp);
	ASSERT(SUCCEEDED(hr) && pDocDisp);

	// Get the DISPID of the document's Script property.
	hr = pDocDisp->GetIDsOfNames(IID_NULL, &szScript,
		1, LOCALE_USER_DEFAULT, &dispidScriptObject);
	ASSERT(SUCCEEDED(hr));

	COleVariant varResult;
	
	// Get the document's Script property.
	hr = pDocDisp->Invoke(dispidScriptObject,
		IID_NULL, LOCALE_USER_DEFAULT, DISPATCH_PROPERTYGET,
		&dispparamsNoArgs, &varResult, NULL, NULL);
	ASSERT(SUCCEEDED(hr) && varResult.pdispVal);

	pDispScriptObject = varResult.pdispVal;

	varResult.Clear();	
	// Get the DISPID of the script method to invoke.
	hr = pDispScriptObject->GetIDsOfNames(IID_NULL, &szFuncName, 1, 
		LOCALE_USER_DEFAULT, &dispidMethodToInvoke);
	ASSERT(SUCCEEDED(hr));

	// Invoke the script method.
	hr = pDispScriptObject->Invoke(dispidMethodToInvoke, IID_NULL,
		LOCALE_USER_DEFAULT, DISPATCH_METHOD, &dispparamsNoArgs, 
		&varResult, NULL, NULL);
	ASSERT(SUCCEEDED(hr));

	pDocDisp->Release();
	pDocument2->Release();
}

Remove the "February 11, 2002 Cumulative Patch for Internet Explorer"

As a last resort, you can restore the previous version of Internet Explorer to return to the version that you had before you installed the security patch.

IMPORTANT: This workaround exposes you to the security problems that Q316059 fixes. Be sure to install the previous security patch, which is available from the following Microsoft Knowledge Base article:
313675  (http://support.microsoft.com/kb/313675/EN-US/ ) MS01-058: File Vulnerability Patch for Internet Explorer 5.5 and Internet Explorer 6
Do not use this workaround unless you are sure that it is absolutely necessary. This workaround provides only a temporary workaround. Remember to update Internet Explorer when the next security patch becomes available.
  1. In Control Panel, double-click Add/Remove Programs.
  2. Under Currently installed programs, click Microsoft Internet Explorer.
  3. In the left pane, click Change/Remove.
  4. Click Restore the previous Windows configuration, and then click OK.
  5. After you restore the previous version of Internet Explorer, reboot your computer.
  6. Browse to the following Microsoft Web site to download and to install the version of Internet Explorer that you want:
    http://www.microsoft.com/ie (http://www.microsoft.com/ie)
If you do not have a restore option for Internet Explorer (for example, if you are using Microsoft Windows XP), you must manually replace the Mshtml.dll and Mshtml.tlb files with the older versions of these files. The older versions of these files are located in Q313675 in safe mode. Although you can use the original Mshtml files from the Microsoft Windows XP CD, these files do not provide as much security.

For additional information how to uninstall Internet Explorer, click the article numbers below to view the articles in the Microsoft Knowledge Base:
293907  (http://support.microsoft.com/kb/293907/EN-US/ ) How to Uninstall Internet Explorer 6
Back to the top

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Internet Explorer 6 Service Pack 1.
Back to the top

MORE INFORMATION

Steps to Reproduce Behavior

  1. In Notepad, create a new file named Parent.html, and then paste the following code:
    <html>
<title>Internet Explorer Crashes When You Call execScript Within a Parent Frame from a Child Frame</title>
    <head>
        <script>
            function test()
            {
                alert("test");
            }
        </script>
    </head>
    <body>
         <iframe src="child.html"></iframe>
    </body>
</html>
  2. Save Parent.html on your Web server.
  3. Create a new file named Child.html, and then paste the following code:
    <html>
    <head>
         <script>
			function Test()
			{
				window.parent.execScript('test()');
//Comment the above line and uncomment the following line to work around the problem
				//window.parent.test();
			}
         </script>
    </head>
    <body>
Click this button to run a script within the parent frame<br></br>
<button onclick=Test()>Click</button>
    </body>
</html>
  4. Save Child.html on your Web server.
  5. Browse to the Parent.html page, and then click the button that should run the script.
Back to the top
APPLIES TO
  • Microsoft Internet Explorer (Programming) 5.5 SP2
Back to the top
Keywords: 
kbbug kbfix kbie600sp1fix KB318426
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations