8

How could I disable javascript entirely on WebBrowser in WinForms?

Improve this question
4
  • 1
    possible duplicate of VB.NET WebBrowser disable javascript Commented May 16, 2012 at 17:37
  • The WebBrowser control is part of the .net framework so this is a duplicate. Commented May 16, 2012 at 17:38
  • You can but is pain. See here. Commented Aug 21, 2012 at 21:04
  • I'm sure you must have a temptation to simply write code to eliminate all <script>...</script> and tada. That wouldn't work. You could use <script type = "text/javascript"> and the script would not be blocked. And even if you managed to block all scripts that way, there would still exist the sneaky <body onload = "JS"> thingy. Also, it is kind of obvious that the webbrowser makers (who probably also made IE) were too lame to add a disableJS function. Commented Apr 2, 2014 at 18:19

3 Answers 3

Reset to default
0

You can't. Client apps cannot disable JavaScript in the browser.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

do I have any alternatives in order to prevent pages from opening pop-ups?
If you're writing the code, wouldn't you have control over this?
I'm writing the winform, not the pages it's webbrowser visit.
Incorrect. You can control the features of the Web Browser control using an IInternetSecurityManager and/or the ambient flags.
0

With this you can disable warning from javascript

webBrowser.ScriptErrorsSuppressed = true;
Improve this answer

1 Comment

that just disables warnings, the code itself is still executed.
0

Obviously the accepted answer is wrong. And not just because the Eric Law says so, but because i say so.

I don't know the C#/WinForms equivalent, but the WebBrowser control is a standard Windows component which can be used from any language; including C#. I'm using it from Delphi.

The way you disable javascript in an embedded WebBrowser is to implement the IInternetSecurityManager interface (which seems to already be defined in the .NET Framework Class Library already):

IInternetSecurityManager = interface
   ['{79eac9ee-baf9-11ce-8c82-00aa004ba90b}']
   function SetSecuritySite(Site: IInternetSecurityMgrSite): HResult; stdcall;
   function GetSecuritySite(out Site: IInternetSecurityMgrSite): HResult; stdcall;
   function MapUrlToZone(pwszUrl: LPCWSTR; out dwZone: DWORD; dwFlags: DWORD): HResult; stdcall;
   function GetSecurityId(pwszUrl: LPCWSTR; pbSecurityId: Pointer; var cbSecurityId: DWORD; dwReserved: DWORD): HResult; stdcall;
   function ProcessUrlAction(pwszUrl: LPCWSTR; dwAction: DWORD; pPolicy: Pointer; cbPolicy: DWORD; pContext: Pointer; cbContext: DWORD; dwFlags, dwReserved: DWORD): HResult; stdcall;
   function QueryCustomPolicy(pwszUrl: LPCWSTR; const guidKey: TGUID; out pPolicy: Pointer; out cbPolicy: DWORD; pContext: Pointer; cbContext: DWORD; dwReserved: DWORD): HResult; stdcall;
   function SetZoneMapping(dwZone: DWORD; lpszPattern: LPCWSTR; dwFlags: DWORD): HResult; stdcall;
   function GetZoneMappings(dwZone: DWORD; out enumString: IEnumString; dwFlags: DWORD): HResult; stdcall;
end;

Specifically the ProcessUrlAction method:

Determines the policy for the specified action and displays a user interface, if the policy indicates that the user should be queried.

When the browser asks

  • "Am I allowed to run scripts?" (URLACTION_SCRIPT_RUN)
  • You say "No" (URLPOLICY_DISALLOW).
function TEmbeddedSecurityManager.ProcessUrlAction(pwszUrl: LPCWSTR; dwAction: DWORD; pPolicy: Pointer; cbPolicy: DWORD;
  pContext: Pointer; cbContext, dwFlags, dwReserved: DWORD): HResult;
begin
    // For other actions, defer to the default Internet Explorer security manager
    Result := INET_E_DEFAULT_ACTION;

{
    From Eric Law (yes, *the* Eric Law):

        https://stackoverflow.com/a/10623739/12597
        You can control the features of the Web Browser control using an IInternetSecurityManager and/or the ambient flags.
        – EricLaw,  Sep 5, 2013 at 23:10
}

    // URLACTION_SCRIPT_RUN corresponds to the action of running scripts (JavaScript)
    if dwAction = URLACTION_SCRIPT_RUN then
    begin
        // Set policy to URLPOLICY_DISALLOW to block running scripts
        if cbPolicy >= SizeOf(DWORD) then
        begin
            PDWORD(pPolicy)^ := URLPOLICY_DISALLOW;
            Result := S_OK;
        end
        else
            Result := E_FAIL;
    end;
end;

You give the browser your implementation of IInternetSecurityManager when it asks for it during QueryService:

function TfrmTextViewer.wbQueryService(const rsid, iid: TGUID; out Obj: IInterface): HRESULT;
var
    sam: IInternetSecurityManager;
begin
    Result := E_NOINTERFACE;

    //rsid ==> Service Identifier
    //iid  ==> Interface identifier
    if IsEqualGUID(rsid, IInternetSecurityManager) and IsEqualGUID(iid, IInternetSecurityManager) then
    begin
        sam := TEmbeddedSecurityManager.Create;
        Obj := sam;
        Result := S_OK;
    end;
end;

I'll let someone who's not me translate all that into C#.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.