How to disable the "jump to url" option from the chm viewer (html help) ?
-
Hello, I'm trying (for security reasons) to diasble\remove\supress the "jump to url" menu item that appears in context menu of the chm viewer ? When I googled it I came across sites that explain how to do so, but in the process they also disabled the run command (which I need). Any Ideas ? Thanks, Eyal
-
Hello, I'm trying (for security reasons) to diasble\remove\supress the "jump to url" menu item that appears in context menu of the chm viewer ? When I googled it I came across sites that explain how to do so, but in the process they also disabled the run command (which I need). Any Ideas ? Thanks, Eyal
Keep in mind that opening web pages is a fundamental part of hh.exe because it embeds the Internet Explorer WebBrowser control. This means that even if you manage to disable this menu item people can still drag and drop a url onto the viewing area to visit any page they like. This is easy to try: 1) Open any CHM file. 2) Open an application that allows drag and drop of text strings and enter a URL starting with http:// 3) Select the URL then drag and drop it into the viewing area of hh.exe (the CHM you have open). I suspect that you cannot disable navigating to a location on the Internet at that level without breaking the WebBrowser control and in turn breaking hh.exe. I think a better approach would be to find a tool that will restrict specific applications from calling to and receiving traffic from the Internet. Windows firewall allows you to block connections for specific applications. See Microsoft documentation for your version of Windows, or try this as a starting point http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx[^] Some quick tests show that Windows Firewall (the GUI anyway) doesn't let you specify programs to block, apparently it blocks everything unless you make an exception. However, even other apps like ZoneAlarm are also unable to block the WebBrowser "connect to internet" functionality when it is embedded in other programs (like hh.exe). I suspect you might not be able to block WebBrowser control without removing it from your system (which would pretty much break Windows) or unless you block all the specific ports associated with different protocols that you don't want people to be able to get to. If this is a real concern you should probably get some help directly from Microsoft.
---------------- Derek Read
modified on Wednesday, March 2, 2011 2:04 PM
-
Keep in mind that opening web pages is a fundamental part of hh.exe because it embeds the Internet Explorer WebBrowser control. This means that even if you manage to disable this menu item people can still drag and drop a url onto the viewing area to visit any page they like. This is easy to try: 1) Open any CHM file. 2) Open an application that allows drag and drop of text strings and enter a URL starting with http:// 3) Select the URL then drag and drop it into the viewing area of hh.exe (the CHM you have open). I suspect that you cannot disable navigating to a location on the Internet at that level without breaking the WebBrowser control and in turn breaking hh.exe. I think a better approach would be to find a tool that will restrict specific applications from calling to and receiving traffic from the Internet. Windows firewall allows you to block connections for specific applications. See Microsoft documentation for your version of Windows, or try this as a starting point http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx[^] Some quick tests show that Windows Firewall (the GUI anyway) doesn't let you specify programs to block, apparently it blocks everything unless you make an exception. However, even other apps like ZoneAlarm are also unable to block the WebBrowser "connect to internet" functionality when it is embedded in other programs (like hh.exe). I suspect you might not be able to block WebBrowser control without removing it from your system (which would pretty much break Windows) or unless you block all the specific ports associated with different protocols that you don't want people to be able to get to. If this is a real concern you should probably get some help directly from Microsoft.
---------------- Derek Read
modified on Wednesday, March 2, 2011 2:04 PM
Your best hope might be "Windows Firewall with Advanced Security" which is new to Windows Vista, 7 and Server 2008.
---------------- Derek Read