I am calling a VBS function from an intranet page, using IE 11 (yes, it has to be that browser).
The function processes an Outlook mailbox, and is partly working: I can run down the list of mails and find the Subject and Body, but I need the sender's email address.
I can get this in various ways when I run similar code as an Outlook macro, but none of them work in VBS - the script just hangs (no error message) when I try to get anything of interest - see the function, with various things I've tried commented.
Any pointers as to where I'm going wrong gratefully received....
Function readEmails(mailbox)
Dim iCt
Set objOutlook = CreateObject("Outlook.Application")
Set NS = objOutlook.GetNamespace("MAPI")
Set olFolder = NS.Folders(mailbox)
Set olFolInbox = olFolder.Folders("Inbox")
iCt = 0
For iCt =1 to olFolInbox.Items.Count
set olMessage=olFolInbox.Items(iCt)
msgbox(ict & "-" & olMessage.Subject )
msgbox("SenderEmailType=" & olMessage.SenderEmailType)
msgbox("SenderEmailAddress=" & olMessage.SenderEmailAddress) 'hangs
'set sn=olMessage.SenderName 'hangs
set sUser=olMessage.Sender
'set sn=sUser.Name 'hangs
'msgbox(sUser) 'hangs
'set sExUser=sUser.GetExchangeUser ' hangs
End If
Next
readEmails=sReturn
End Function
It seems that a security issue takes its place when you automate Outlook from an external macro - it can be a security prompt or an exception in the code. How it is seen really depends on the Outlook version (its internal implementation). To avoid security issues when dealing with OOM you can use the following approaches:
Use a low-level API which doesn't trigger security issues in OOM. Outlook is built on top of Extended MAPI which doesn't trigger security issues unlike OOM. Also you may consider using any wrappers around this low-level API such as Redemption.
Use third-party components designed for turning off and on security checks in OOM, see Outlook Security Manager for more information.
You can create a group policy to prevent security prompts from displaying if any up-to-date antivirus software is installed on the system or just turn these warning off (which is not really recommended).
Users get the security prompts/exceptions because Outlook is configured on the client computer in one of the following ways:
Uses the default Outlook security settings (that is, no Group Policy set up)
Uses security settings defined by Group Policy but does not have programmatic access policy applied
Uses security settings defined by Group Policy which is set to warn when the antivirus software is inactive or out of date
Read more about that in the Security Behavior of the Outlook Object Model article.
Related
I want to modify a word document from an agent in Lotus Script. Domino server starts as a service with an Administrator user count. The word document is attached in a Lotus Notes document. I extract the document in a folder that Domino has access.
When the Domino server (as service) runs the process, the Domino displays an error. But when I start the Domino server as application, the process runs well and it doesn't get any error.
The script code is the next:
Set rtItem = doc_perfil.GetFirstItem(campo)
Set obj = rtitem.EmbeddedObjects(0)
sFile = RUTA + "\" + ReplaceSubstring(nameNewFile, "/", "-") + ".docx"
Call obj.ExtractFile(sFile)
OLE_OBJECT = "word.application"
Set Word = CreateObject (OLE_OBJECT)
Set templt = Word.Documents.Add (sFile)
The line that produces the error is "Set templt = Word.Documents.Add (sFile)"
As a first point, running Word on a server is totally unsupported by Microsoft.
The quick and dirty way round this is to not run Domino as a service. A service can't interact with the UI which it needs to for OLE.
The downside to this is that the Domino Server will need to be manually restarted if the Windows server ever reboots.
The proper way to do this is to do what you need in java using a library like docx4j or Apache POI. As you don't include any code beyond opening the word doc, I can't comment further on what would be a suitable library.
In the line of code,
Set templt = Word.Documents.Add (sFile)
Add, does not take parameters, please try word.documents.open
If the Domino is not run as a service and still the error occurs, change the security level of the agent to 3 (run will full admin rights)
I am unable to read clipboard data in Microsoft Edge browser. i am using the below javascript.
if (window.clipboardData && window.clipboardData.getData) { // IE
pastedText = window.clipboardData.getData('Text');
} else if (e.clipboardData && e.clipboardData.getData) { //non-IE
pastedText = e.clipboardData.getData('text/plain');
}
Non of the if/elseif block is executed in Edge. I tried using
e.originalEvent.clipboardData.getData('text/plain');
But I am getting 'Access is denied.' error.
Let me know, if anybody know how to fix this issue.
Edge does not currently support the clipboard api, but it is under consideration and likely to be added in near future.
I do not have edge, but it seems that you are not authorized to access the clipboard data. Is this on a website or are you calling this from within a JavaScript script executed locally?
Make sure the website is in the trusted sites.
See https://w3c.github.io/clipboard-apis/#clipboard-event-interfaces, or more precisely:
12.1 Privacy concerns
Untrusted scripts should not get uncontrolled access to a user's clipboard data. This specification assumes that granting access to the current clipboard data when a user explicitly initiates a paste operation from the user agent's trusted chrome is acceptable. However, implementors must proceed carefully, and as a minimum implement the precautions below:
Objects implementing the DataTransfer interface to return clipboard data must not be available outside the ClipboardEvent event handler.
If a script stores a reference to an object implementing the DataTransfer interface to use from outside the ClipboardEvent event handler, all methods must be no-ops when called outside the expected context.
Implementations must not let scripts create synthetic clipboard events to get access to real clipboard data except if configured to do so.
Implementations should not let scripts call document.execCommand('paste') unless the user has explicitly allowed it.
Implementations may choose to further limit the functionality provided by the DataTransfer interface. For example, an implementation may allow the user to disable this API, or configure which web sites should be granted access to it.
I've been given a task to create a protocol similar to callto:, that - upon clicking on a link with it - would automatically launch an installed aplication.
I followed the microsoft guide on how a scheme should look like.
My scheme looks like this:
HKEY_CLASSES_ROOT
slican
URL Protocol = ""
DefaultIcon (Default) = "C:\Users\Okabe\Desktop\slican\SlicanP.exe,1"
shell
open
command (Default) = "C:\Users\Okabe\Desktop\slican\SlicanP.exe" "%1""
I thought that was all and tested it with
test link
test telephone link
There was no reaction whatsoever. Internet Explorer asked me if I want to search for a program that can open the content and Chrome responded with nothing, as if I clicked javascript:void(0).
How to get that worked?
Thank you for your help!
The registration you show works perfectly fine for me when I try it on Windows 7. The local app I registered in place of SlicanP.exe ran fine when I invoked a slican: URL from the Start | Run menu, and from within the address bar of Windows Explorer. So the registration works.
Do be aware that Internet Explorer runs in a lower integrity security context, so it may not have rights to run local programs. When I tried to click on an HTML link to a slican: URL, or type a slican: URL in the address bar, IE had trouble executing the local app (even after prompting for permission). I had to run IE as an administrator, then the local app ran just fine.
Also, you really should not be creating a HKEY_CLASSES_ROOT\slican key directly. Create a HKEY_CURRENT_USER\Software\Classes\slican (current user only) or HKEY_LOCAL_MACHINE\Software\Classes\slican (all users) instead. Refer to MSDN for more details:
HKEY_CLASSES_ROOT Key
Merged View of HKEY_CLASSES_ROOT
Update: Since it works in Windows 7, Microsoft probably changed how URL schemes are registered in Windows 8. For instance, phone/store apps use URI activation:
URI activation (XAML).
URI activation (HTML)
The documentation says there are two ways to register a custom URI scheme:
Internet Explorer uses two mechanisms for registering new pluggable protocol handlers. The first method is to register a URI scheme name and its associated application so that all attempts to navigate to a URI using that scheme launch the application (for example, registering applications to handle mailto: or news: URIs). The second method uses the Asynchronous Pluggable Protocols API, which allows you to define new protocols by mapping the URI scheme to a class.
You are doing the first. Try using the second instead.
However, I just noticed that "Asynchronous Pluggable Protocols" is listed on MSDN in the "Legacy APIs" section, and it has the following note:
Third-party protocol implementations won't load in Windows Store apps using JavaScript, or in the Internet Explorer in the new Windows UI.
So it may or may not work in Windows 8.
Update: I just found this:
Guidelines for file types and URIs
In Windows 8, the relationship between apps and the file types they support differs from previous versions of Windows.
Walkthrough: using Windows 8 Custom Protocol Activation
The file type and protocol association model has changed in Windows 8. Apps are no longer able to programmatically set themselves as the default handler for a file type or protocol. Instead, now the user always controls what the default handler is for a file type or protocol.
Your app can use existing protocols for communication, such as mailto, or create a custom protocol. The protocol activation extension enables you to define a custom protocol or register to handle an existing protocol.
Also have a look at this:
Setting mailto: protocol handler programmatically in Windows 8
And this:
Default Programs
if you go to C:\Users\\AppData\Local\Google\Chrome\User Data
You can edit the Local State file
Search for protocol_handler
The syntax here is a key value pair. I usually copy two mailto: and make sure that you set your protocols to false. This will mean that chrome will treat your new protocols as URI_Handler events
If you have troubles with configuring custom URI scheme, you can compare your own configuration with existing one. For example, "HKEY_CLASSES_ROOT/mailto" - most likely you have it already in your system.
I'm having trouble with my own AppleScript applications and Accessibility in "Security & Privacy".
I've written an application called "open cubase" that I've granted accessibility rights. I used Apple's advice on how to prevent repeated re-authorization (http://support.apple.com/kb/HT5914). But now even when the application is listed and selected in the Accessibility list, it says that it doesn't have assistive access.
And when I'm using
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/Tcc.db 'SELECT * FROM access WHERE client LIKE "%%"'
to check what's going on, I can see this:
kTCCServiceAccessibility|com.atonus.open-cubase|0|1|0|??
Why is there ?? at the end of that? Is there anyone who would know how to resolve this?
I'm using OSX 10.9.2.
Update, based on feedback from the OP:
The OP's issue is not the use of property statements that normally cause an AppleScript-based application to self-modify the application bundle's embedded Contents/Resources/Scripts/main.scpt script file when property values change at runtime.
However, Apple's workaround at http://support.apple.com/kb/HT5914
IS specifically meant to address not requiring re-authorization as a result of this self-modification issue for a given version of an application.
is NOT meant to allow updating the app (changing its source code or resources) without re-authorization.
For security reasons there is NO way to grant one-time authorization to an app based on its bundle ID and then keep it authorized no matter how it changes (e.g., through updates).
You have two options:
Either: Re-authorize the application every time you update it.
After updating your app, go to System Preferences > Security & Privacy > Privacy > Accessibility and toggle the checkmark next to the list item representing your application (if you application isn't there, drag it there).
Note: With Apple's workaround in place - which for security reasons is NOT a good idea unless you truly need to use property statements that persist their values - it may be sufficient to re-sign the application - haven't verified that.
Or: Use a workaround - not recommended for security reasons:
Make your app an unchanging wrapper that loads the true script code at runtime from a location OUTSIDE the app bundle - that way, the app stays the same and doesn't require re-authorization even if the script file loaded at runtime changes.
Example: Say your true script code - involving code requiring assistive access - is stored as ~/Desktop.test.scpt; your wrapper application, once authorized, can then invoke that script with run script file ((path to home folder as text) & "Desktop:test.scpt")
I don't have a specific explanation, but a recommendation:
Do not use properties (e.g., property FNAME : "Input.txt") in your AppleScript-based applications: AppleScript persists these automatically (preserves their values between runs), but the feature is implemented awkwardly (the persisted values are written to the *.scpt file itself - this is what causes the repeated authorization problem) and flimsily (if you modify your application and save (the *.scpt file at the heart of the) application again, previously persistent values are lost).
If you stay away from properties, the problem with repeated authorization simply goes away (unless you update your application). You can roll your own persistence, e.g., via AppleScript's support for .plist (property-list) files (see the System Events dictionary).
You also won't need the workaround described in the linked support article (http://support.apple.com/kb/HT5914), which is also a plus, given that the workaround is based on opening up a security hole.
As for your specific question:
The ?? is the - unhelpful - representation of the csreq columnn value from the TCC.db database and is not a problem per se; OSX manages that column behind the scenes; it contains a fingerprint of sorts identifying the application in its specific current form (similar to an MD5 hash, though I have no idea what is actually being used), so as to be able to detect tampering later.
However, I suspect you may be looking at the wrong database entry:
I'm puzzled by your bundle ID being com.atonus.open-cubase: if your app is an AppleScript-based *.app bundle, its bundle ID would have the fixed prefix com.apple.ScriptEditor.id., e.g., com.apple.ScriptEditor.id.open-cubase. Did you manually modify the bundle ID via the bundle's Info.plist file, or am I missing something?
When the OS determines tampering/a change in an authorized application:
It resets the allowed column value to 0, i.e., revokes authorization
It resets the csreq column value to NULL.
Thus, after you've seen the ... is not allowed assistive access dialog, the database entry should be reported as kTCCServiceAccessibility|com.atonus.open-cubase|0|0|1| - note the changed Boolean flags and the absence of the ?? at the end.
Crystal Reports 11 (craxdrt.dll 11.5.7.1048)
Windows 7
I'm using Crystal Reports to export to a PDF document, using CRYSTALCRAXDRT::IReport::Export, and am getting an error, Windows 7 only.
"There is no email program associated to perform the requested action. Please install an email program or, if one is already installed, create an association in the Default Programs control panel."
Again, I'm not trying to send email, just create a document.
I've put forth a little debugging effort into this, and what seems to be happening is this:
I call into craxdrt.dll via the IReport interface, function Export(...), and then, monitoring with procmon, I find that there are several hundred registry queries for default mailer, contacts, etc.
It would seem that craxdrt.dll is building a large-ish data structure ahead of the task with whatever info it might need for a family of functions.
There's an error posted when the program can't find a default email client
Problems with this:
Windows 7 does not ship with a default email client, and early investigation seems to indicate that installing one does not necessarily ameliorate the problem. In any case, I do not expect all of our clients to have one installed, nor do our clients expect to have one installed by us.
Absent the actual need for an email client (i.e., in the above case), we're still getting this error message pop-up.
Note:
Interestingly, this doesn't actually prevent the user from pressing the export button again, and in fact if the user does this, the error does not show up, as the registry queries are apparently done only once per load or use of craxdrt.dll.
I think you are missing setting the ExportOptions before exporting:
Dim crxReport As Report
Set crxReport = Prepare()
crxReport.ExportOptions.FormatType = crEFTPortableDocFormat
crxReport.ExportOptions.DestinationType = crEDTDiskFile
crxReport.ExportOptions.DiskFileName = "C:\temp\Report.PDF"
crxReport.Export (False)