Why doesn't implementing IObjectSafety make a difference?

Question

we have an activex object which implements IObjectSafety to indicate that it is safe for scripting. It installs from a trusted site. but we still get the IE complaint that the control on this page is not safe for scripting.

The admins for the site that are running our activex are reluctant to enable controls not marked safe for scripting even though its the trusted zone.

our cab and all its components are signed (we finally made the uverified publisher go away by signing every dll that went into the msi installer)

anybody have any thoughts on how to bludgeon IObjectSafety into working?

Answer 1

Make sure that you are using the correct GUID for IObjectSafety. Your interface should look like this, with the specific GUID:

[ComImport]
// This GUID matters!
[Guid("CB5BDC81-93C1-11CF-8F20-00805F2CD064")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IObjectSafety
{
    [PreserveSig]
    int GetInterfaceSafetyOptions(ref Guid riid, out int pdwSupportedOptions, out int pdwEnabledOptions);

    [PreserveSig]
    int SetInterfaceSafetyOptions(ref Guid riid, int dwOptionsMask, int dwEnabledOptions);
}

There are a few links out there that outline how to implement IObjectSafety, but here's the only one I found that calls out the fact that the Guid matters. After making that change in my code, IE no longer complained.