Posted by office viewer on April 7th, 2008
You can disable or delete the context menu item in MS Word or Excel by VBA programming.
Word:
OA1.CreateNew “Word.Document”
Set objWord = OA1.ActiveDocument
objWord.Application.CommandBars(”Text”).Controls(”Cu&t”).Enabled = False
objWord.Application.CommandBars(”Text”).Controls(”&Copy”).Enabled = False
objWord.Application.CommandBars(”Text”).Controls(”&Paste”).Enabled = False
‘delete item directly
‘objWord.Application.CommandBars(”Text”).Controls(1).Delete
‘objWord.Application.CommandBars(”Text”).Controls(2).Delete ….
Excel
OA1.Open “c:\text.xls”
Set objExcel = OA1.ActiveDocument
objExcel .Application.CommandBars(”Cell”).Controls(”Cu&t”).Enabled = False
objExcel .Application.CommandBars(”Cell”).Controls(”&Copy”).Enabled = False
objExcel .Application.CommandBars(”Cell”).Controls(”&Paste”).Enabled = False
‘delete item directly
‘objExcel .Application.CommandBars(”Cell”).Controls(1).Delete
‘objExcel .Application.CommandBars(”Cell”).Controls(2).Delete ….
Posted by office viewer on February 23rd, 2008
The Office Viewer Component provides the method “EnableFileCommand” to allow the developers to disable the File command in the MS office program.
If you are developing a web application, you can set the initial functions in the “NotifyCtrlReady” event.
function OA1_NotifyCtrlReady() {
document.OA1.EnableFileCommand(0) = false; //FileNew = 0
}
<SCRIPT LANGUAGE=javascript FOR=OA1 EVENT=NotifyCtrlReady>
<!–
OA1_NotifyCtrlReady();
//–>
</SCRIPT>
More File Command ENUMS:
typedef enum FileCommandType
{
FileNew = 0,
FileOpen,
FileClose,
FileSave,
FileSaveAs,
FilePrint,
FilePageSetup,
FileProperties,
FilePrintPreview
} FileCommandType;
Posted by office viewer on January 3rd, 2008
If you would like to hide the EDraw Office Viewer ActiveX Control in runtime, you need call the “OfficeObjectVisable” method.
For example: axOfficeViewer1.OfficeObjectVisable = false;
The follow code will lead to an error in C#.
axOfficeViewer1.Dock = System.Windows.Forms.DockStyle.Fill;
axOfficeViewer2.Visible = false;
axOfficeViewer3.Visible = false;
Posted by office viewer on September 15th, 2007
If you are developing the destop application with the office viewer component, you can use the “IsDirty” method to verify whether the open document is modified. When the open file has any modification, the IsDirty method return TRUE. After you save the document, the IsDirty return False again.
But if you are developing the web application, you need to add some extra codes. Because you are opening a file from remote server and the component can’t watch the file like destop application.
A good method is set another variable in your application. When you save the document, you set the variable true. Any time you can judge the dirty by the IsDirty method and your own variable.
BOOL GetIsDirty(){
if(OA.IsDirty()==Flase) return False;
else return m_bDirty;
}
}
function UploadFile()
{
……
m_bDirty = False;
}
Posted by office viewer on September 1st, 2007
Users cannot directly interact with ActiveX controls loaded by the APPLET, EMBED, or OBJECT elements. Users can interact with such controls after activating their user interfaces. This topic describes how Microsoft Internet Explorer handles ActiveX controls, shows how to load ActiveX controls so their interfaces are activated, and describes the impact of this behavior on accessibility tools and applications hosting the WebBrowser Control.
To activate an interactive control, either click it or use the TAB key to set focus on it and then press the SPACEBAR or the ENTER key. Interactive controls loaded from external script files immediately respond to user interaction and do not need to be activated.
To create Web pages that load interactive controls that respond immediately to user input, use Microsoft JScript to load controls from external script files. You cannot write script elements inline with the main HTML page to load your control externally. If the script is written inline programmatically, for example with the writeln function, the loaded control will behave as if it was loaded by the HTML document itself and will require activation. To ensure a control is interactive when it is loaded, use one of the following techniques to load your control from an external file.
We have provide a solution to activate the Office Viewer Component automatically when loading a page.
OADemo.php
<object classid=”clsid:6BA21C22-53A5-463F-BBE8-5CF7FFA0132B” id=”OA1″ width=”674″ height=”500″ ….
</object>
<script language=”JavaScript” type=”text/javascript” src=”NoIEActivate.js”></script>
NoIEActivate.js
n=navigator.userAgent;
w=n.indexOf(”MSIE”);
if((w>0)&&(parseInt(n.charAt(w+5))>5)){
T=["object","embed","applet"];
for(j=0;j<2;j++){
E=document.getElementsByTagName(T[j]);
for(i=0;i<E.length;i++){
P=E[i].parentNode;
H=P.innerHTML;
P.removeChild(E[i]);
P.innerHTML=H;
}}}
Posted by office viewer on August 14th, 2007
New version has removed the ”DeleteLocalFile” method to avoid the attack. Now the component will delete the temporary files when it exits.
We improved the HTTP download file too and provide a securer download method in the version 5.
The follow article is the vulnerable description about the 4.0 version.
Multiple vulnerabilities have been identified in EDraw Office Viewer Component v4.0, which could be exploited by remote attackers to delete arbitrary files or take complete control of an affected system.
The first issue is caused by a design error in the “DeleteLocalFile()” method within the “edrawofficeviewer.ocx” ActiveX control, which could be exploited by attackers to delete arbitrary files from a vulnerable system by tricking a user into visiting a specially crafted web page.
The second vulnerability is caused by a buffer overflow error in the “edrawofficeviewer.ocx” ActiveX control when processing malformed arguments passed to the “HttpDownloadFile()” method, which could be exploited by remote attackers to execute arbitrary code via a malicious web page.
Posted by office viewer on July 20th, 2007
You can host multiple office component in a form or you can open multiple office instance in your internet explore with EDraw Office Viewer Component version 5.
Note: you need set the Frame hook policy as SetOnFirstOpen and Component activation policy as KeepUIActiveOnAppDeactive.
Frame hook policy
To correctly handle activation when the host gains or loses foreground status, the ActiveX control uses a frame hook. By default, the hook is set when the control is created. In some situations, especially when the control is used from a multi-threaded UI host or when the control is nested in a container control like a Tab page in a .NET WinForm application, the parent of the control at create time may not be the correct window for the control to hook when it is running. In these situations, you can use the FrameHookPolicy property to reset the hook at a more suitable time. For example, if you build a .NET WinForm solution, set the FrameHookPolicy property to SetOnFirstOpen in the Properties window.
Component activation policy
The sample control can support more than one instance of itself in a given host application. However, only one control can be active at a given time. This is a requirement of ActiveX Document hosting. To handle multiple instances in a single host, the control registers itself with a component manager. This lets the component manager keep track of the active control. Use the ActivationPolicy property to control how the embedded object is handled during component changes. The ActivationPolicy property can be set to one or more of the bit flags that are defined by the ActivationPolicy enumeration.
Posted by office viewer on July 1st, 2007
Every time a user selects an item from the File menu or an item on a toolbar that is associated with a file command, the OnFileCommand event is raised. The event allows you to override the default behavior for the control and supply your own custom actions and dialog boxes to do normal file operations.
You can also enable or disable items on the File menu by using the EnableFileCommand property. For example, the following code disables the Open command, and then traps print calls to prevent a user from opening:
Private Sub Form_Load()
OfficeViewer.EnableFileCommand(dsoFileOpen) = False
End SubPrivate Sub Framer1_OnFileCommand(ByVal Item As _
OfficeViewer.FileCommandType, Cancel As Boolean)
If Item = FileOpen Then
MsgBox "You asked to open, but I won't allow it."
Cancel = True
End If
End Sub
Posted by office viewer on June 8th, 2007
Q: We have a method “OA1.WordGotoItem wdGoToPage, wdGoToNext”. In a web page this method doesn’t work. Is there any way to use this method in a web page?
A: Referent the follow enums then write the number in the function.
OA1.WordGoToItem 1, 2
Posted by office viewer on June 6th, 2007
The EDraw Office Viewer Component provides some simple automation functions. You can call them directly. Or you can get the dispatch interface then do the automation by yourself.
Get Dispatch Interface to support the Office Automation
Function: HRESULT ActiveDocument([out,retval] IDispatch** ppdisp);
Description: Returns the Automation interface of the document object.
Function: Application([out,retval] IDispatch** ppdisp);Description: Returns the Automation interface of the application.
The control also supports a property called Dispatch that allows you to obtain a reference to the IDispatch interface of the embedded object. From this interface you can automate the object to perform tasks, edit parts of the document, or gather information about what a user has added or removed. For example, if you have a Word document open, you can use code that resembles the following to add a line of text:
<script language=”vbscript”>
Sub OfficeAutomationDemo()
OfficeViewer1.CreateNew “Word.Document”
Set objWord = OfficeViewer1.ActiveDocument
objWord.Content.Text = “This was added by Automation”
End Sub
</script>
or
<script language=”vbscript”>
Sub OfficeAutomationDemo()
OfficeViewer1.CreateNew “Word.Document”
Set objApp = OfficeViewer1.Application
objApp.DisplayScrollBars = False
End Sub
</script>
Recent Comments