I want, from my application code, to start the user's default web
browser looking at some specified URL. I'm aware of the usual

ShellExecute (NULL, "show", "http://wherever", NULL, 0, SW_SHOWNORMAL)

technique, but this is not suitable because I don't have control over
the URL, and need to be prepared for it to be malicious -- this
technique runs the risk of going

ShellExecute (NULL, "show", "malicious.exe", NULL, 0, SW_SHOWNORMAL)

I want the behaviour to be as-if the user had clicked on a link to the
specified URL, allowing the browser's own security rules to decide how
the URL should be treated.

Does anyone have any ideas?

--
Thanks for any help,
John

On Aug 15, 8:36 am, John Aldridge <john.aldri...@informatix.co.uk>
wrote:

Hi,

Well, you can just launch the browser with a trusted website first,
for example, google.com or a blank page, then the end-users will
click on the favorites weblinks to open the specific URL they want
to view, or simply type the URL in the browers's address window,
or in the serach box of google.com.

Kellie.

John Aldridge <john.aldridge@informatix.co.uk> wrote:
I haven't worked through all the scenarios, but could you use
PathIsURL() to verify the string is really a URL? Assuming it is, you
should be able to assume the browser will be called from ShellExecute,
otherwise you know it's not a URL and while the browser might be
called, you can't be sure.

--
Scott Seligman [MSFT]
This posting is provided AS IS with no warranties, and confers
no rights.

In article <1187209176.956238.113910@x35g2000prf.googlegroups .com>,
KELLIEFITTON@YAHOO.COM says...
That will start the web browser, I understand that, but how can I then
(from the application code) ask it to show a particular URL? Thank you
for your help.

--
John

In article <fa08hm$nre$1@panix5.panix.com>, scosel@online.microsoft.com
says...
I don't think that's good enough, unfortunately -- if you pass

file://c:/windows/system32/calc.exe

to PathIsURL() it returns TRUE, but then calling ShellExecute with the
same string starts the calculator program!

I could simply prohibit file:// URLs, but I don't really want to do that
-- what I want to happen is for the browser to show its normal

File Download - Security Warning
Do you want to run or save this file?

dialog (as happens if you type that string into a browser's address
bar).

Thanks for your help,

--
John

On Aug 16, 5:19 am, John Aldridge <john.aldri...@informatix.co.uk>
wrote:

Hi,

Well, the proper way to launch the internet browser from your
source code is as follows, find out the user's default browser,
run the browser with or without a URL name, wait for the user
to end the internet session and close the browser.

You can use the following APIs to retrieve the name and handle of the
executable file associated with the specified filename (.html)/ Start
and
launch the default browser with or without a specific URL name:

FindExecutable()
CreateProcess()
WaitForSingleObject()
CloseHandle()

If you want to open the browser with a specific URL name by default,
you can use something like this:

"iexplore.exe http://www.google.com/"

"iexplore.exe http://yahoo.com/"

http://msdn2.microsoft.com/en-us/library/ms647374.aspx

http://msdn2.microsoft.com/en-us/library/ms682425.aspx

http://msdn2.microsoft.com/en-us/library/ms687032.aspx

http://msdn2.microsoft.com/en-us/library/ms724211.aspx

Kellie.

John Aldridge wrote:
Write a temporary html file in a temp dir, ShellExecute it and then
delete it.

<html>
<head>
<meta http-equiv=refresh content="0; url=your_url_here">
</head>
<body>
<a ref="your_url_here">Click here</a>
</body>
</html>


--
Grzegorz Wróbel
http://www.4neurons.com/
677265676F727940346E6575726F6E732E636F6D

Grzegorz Wróbel wrote:
This should be (a typo):

<a href="your_url_here">Click here</a>

and this line is only in case meta refresh tag failed.


--
Grzegorz Wróbel
http://www.4neurons.com/
677265676F727940346E6575726F6E732E636F6D

In article <fa1uka$hcp$1@nemesis.news.tpi.pl>,
/dev/null@localhost.localdomain says...
Clever! That'll do the trick, I think. Thank you :-)

--
John