A new feature enables you to block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request in Internet Explorer 8

Introduction

Internet Explorer 8 can now block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request if the request is redirected to a different host. An update is now available to enable this new feature. The update adds a navBlockRedirectsXDomain flag that enables callers to opt into this security mitigation. Additionally, the update adds a DWebBrowserEvents2::RedirectXDomainBlocked event to detect any navigation request that is blocked.

This feature enables you to prevent cross-domain headers being sent together with redirected navigation requests. The feature detects blocked navigation requests through the DWebBrowserEvents2::RedirectXDomainBlocked event, and then calls the IWebBrowser2::Navigate2 navigation request again by using the redirected URL that is obtained from the event. However, when the navigation request is called again, the navigation call does not include cross-domain headers.

Note When the navigation request is directed to a URL that has the target property set to “_blank,” cross-domain headers may be sent together with redirected navigation requests.

More Information

Security update information

To resolve this problem, install the most recent cumulative security update for Windows Internet Explorer. To do this, visit the following Microsoft website: For more technical information about the most recent cumulative security update for Windows Internet Explorer, visit the following Microsoft website: Note This update was first included in security update 2497640 (MS11-018). For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2497640 MS11-018: Cumulative Security Update for Internet Explorer

For more information about the IWebBrowser2 interface, visit the following Microsoft Developer Network (MSDN) website:For more information about BrowserNavConstants enumeration, visit the following Microsoft Developer Network (MSDN) website:For more information about the target DHTML property, visit the following Microsoft Developer Network (MSDN) website:
Свойства

Номер статьи: 2510633 — последний просмотр: 12 апр. 2011 г. — редакция: 1

Отзывы и предложения