Unspecified Potential Security Flaw

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentFromUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
 
Why dont you connect to the server and retrieve the document directly, I
mean without using IE?

best regards,
Alejandro Lapeyre

"Jack Clift" <[email protected]> escribió en el mensaje
Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentFromUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
 
Jack,

First that I answer in this is forever,
Ineternet Explorer gets a Page not a document.
A page can exist from more documents.

The mshtml.createDocumentFromUrl, gets a document.

So to get a good answer I think that you have to show us at least the page
where you are talking about.

I hope this helps?

Cor
 
Here is the code:

a potential url would be:
"http://tradingroom.com.au/apps/qt/quote.ac?section=quotedetail&sy=tpl&type=delayedquote&code=BHP"


Function TradingRoomGetQuoteData(ByVal sWS As String) As Boolean
Dim oMSHTML As MSHTML.HTMLDocument
Dim oHTMLDoc As MSHTML.HTMLDocument
Dim oDataTable As MSHTML.HTMLTable
Dim oWebTables As Object

Dim oWB As Workbook
Dim oWSCompanyList As Worksheet

Dim sQuoteQuery As String
Dim sTableData As String
Dim sASXCodes As String
Dim sURL As String

Dim iLastCompanyRow As Integer
Dim iCompanyRow As Integer
Dim iTableRow As Integer
Dim iTableCell As Integer

Dim bFoundLast As Boolean, bFoundYield As Boolean, bFoundCap As Boolean

Set oMSHTML = New MSHTML.HTMLDocument

Set oWB = ActiveWorkbook
Set oWSCompanyList = oWB.Worksheets(sWS)

sURL =
"http://tradingroom.com.au/apps/qt/quote.ac?section=quotedetail&sy=tpl&type=delayedquote&code="

iLastCompanyRow = oWSCompanyList.Cells.SpecialCells(xlLastCell).Row - 1

iCompanyRow = ASXLIST_OFFSET

Do While iCompanyRow <= iLastCompanyRow

sASXCodes = oWSCompanyList.Cells(iCompanyRow, 2).Value
'sQuoteQuery = sURL & "BHP"
sQuoteQuery = sURL & sASXCodes
Set oHTMLDoc = oMSHTML.createDocumentFromUrl(sQuoteQuery,
vbNullString)

While oHTMLDoc.readyState <> "complete"
DoEvents
Wend

With oHTMLDoc.documentElement
Set oWebTables = .all.tags("table")
Debug.Print sASXCodes
bFoundLast = False
bFoundYield = False
bFoundCap = False
For Each oDataTable In oWebTables
For iTableCell = 0 To oDataTable.Cells.Length - 1
sTableData = Trim(oDataTable.Cells(iTableCell).innerText)
'Debug.Print iTableCell; sTableData
Select Case sTableData
Case "Closing Price"
Debug.Print
oDataTable.Cells(iTableCell).innerText; ":"; oDataTable.Cells(iTableCell +
6).innerText
bFoundLast = True
Exit For
Case "Div Yield"
Debug.Print
oDataTable.Cells(iTableCell).innerText; ":"; oDataTable.Cells(iTableCell +
5).innerText
bFoundYield = True
Exit For
Case "Market Capitalisation"
Debug.Print
oDataTable.Cells(iTableCell).innerText; ":"; oDataTable.Cells(iTableCell +
1).innerText
bFoundCap = True
Exit For
End Select
Next
If bFoundLast And bFoundYield And bFoundCap Then Exit For
Next

End With
iCompanyRow = iCompanyRow + 1
Loop

End Function
 
Jack,

I don't think I can help you with this kind of information.

On the other hand a page as this is can be changed very easy, so know what
you are doing.

I would never make any solution behind such a page.

Just my thought,

Cor
 
Fixed!!!

It was very hard to solve the issue similar as Jack Clift was reporting. therefor I post it here to help guys googling around like me.

On XP it was sufficient to add the sites you wanted to crawl as trusted sites, but for Vista that doensn't work either.

I solved by setting the editMode before creating the document. This seems to supress execution of active content (scripts etc), and therefor more safe:

Code: 
Set objMSHTML = New MSHTML.HTMLDocument
objMSHTML.DesignMode = "on" 'surpress security warning IE "this page has an unspecified potential security flaw" in next line
Set objDoc = objMSHTML.createDocumentFromUrl(strUrl, vbNullString)

Happy coding
ErKr
 
Thanks erkr,

I took the time to register to this site just so I could say thanks. You saved me a ton of time trying to figure this out. The solution is very obscure and I probably would not have run across it, had you not posted it here.

So again, thanks alot!!
 
moacg said:
Thanks erkr,

I took the time to register to this site just so I could say thanks. You saved me a ton of time trying to figure this out. The solution is very obscure and I probably would not have run across it, had you not posted it here.

So again, thanks alot!!
Click to expand...

I just register for the same purpose

thanks for post :)
 
Back
Top