Re: Minor IE vulnerability: about: URLs


Nick FitzGerald wrote:

> Users just *may* be able to control handling of "about:" URLs (at
> least insofar as breaking them completely counts as "controlling
> them"  8-) ).  There is a registry key:
>
>    HKCR\PROTOCOLS\Handler\about
>
> which in the fairly default install of IE 5.5 on this machine holds
> two values -- an empty default value and a CLSID string value set to
> {3050F406-98B5-11CF-BB82-00AA00BDCE0B}.  In HKCR\CLSID that CLSID is
> described as "Microsoft HTML About Pluggable Protocol" and (not
> surprisingly) an InProcServer of "%SystemRoot%\System32\mshtml.dll".
>
> I imagine you could munge either the InProcServer value of the CLSID
> to break all references to the about: protocol called through a CLSID
> reference or just munge the CLSID value in the Protocol\about key to
> break calls to the about: protocol via the approved mechanisms for
> protocol handling.

Another approach would be to write your own version of the about: protocol
module, and point the server to your implementation DLL.
Non-vendor-approved patch, anyone? :-)
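
An added example, not part of the original post: a PowerShell check that the about: handler registration still matches the values quoted above, so a changed CLSID or a redirected server DLL shows up as a finding. The function name `Test-AboutHandler` is hypothetical, `InprocServer32` is the standard COM subkey name for what the message calls "InProcServer", and the expected values are the ones from the quoted IE 5.5 install.

```powershell
# Added example: audit the about: pluggable-protocol registration.
# Expected values are taken from the quoted message (IE 5.5 default install).
$ExpectedClsid  = '{3050F406-98B5-11CF-BB82-00AA00BDCE0B}'
$ExpectedServer = Join-Path $env:SystemRoot 'System32\mshtml.dll'

function Test-AboutHandler {
    # Hypothetical helper: returns a list of findings, empty when all checks pass.
    param([string]$Root = 'Registry::HKEY_CLASSES_ROOT')

    $findings = @()

    # 1. The protocol handler key and its CLSID value.
    $handler = Get-Item -LiteralPath "$Root\PROTOCOLS\Handler\about" -ErrorAction SilentlyContinue
    if (-not $handler) {
        return @('PROTOCOLS\Handler\about key is missing')
    }
    $clsid = $handler.GetValue('CLSID')
    if (-not $clsid) {
        return @('PROTOCOLS\Handler\about has no CLSID value')
    }
    if ($clsid -ne $ExpectedClsid) {          # -ne ignores case for strings
        $findings += "Handler CLSID is $clsid, expected $ExpectedClsid"
    }

    # 2. The in-process server registered for whatever CLSID is in effect.
    $server = Get-Item -LiteralPath "$Root\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    if (-not $server) {
        $findings += "CLSID\$clsid\InprocServer32 key is missing"
        return $findings
    }
    # GetValue('') reads the default value and expands %SystemRoot% if it is REG_EXPAND_SZ.
    $path = $server.GetValue('')
    if ($path -ne $ExpectedServer) {
        $findings += "InprocServer32 points to '$path', expected '$ExpectedServer'"
    }
    return $findings
}

$result = @(Test-AboutHandler)
if ($result.Count -eq 0) {
    Write-Output 'about: handler registration matches the expected values'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```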


