javascriptsecuritywatin

Browser.ExecScript() stopped working after updating windows


I've set up a simple testbed for WatiN (ver 2.1) which reads:

var browser = new IE();

browser.GoTo("http://www.google.co.il"); // webpage doesn't matter really
browser.RunScript("alert(123)");

This works only if KB3025390 is not installed. Installing it breaks the above test with an UnAuthorizedAccessException which has HRESULT set to E_ACCESSDENIED. What gives? Is there any workaround?

Update: Using IWebBrowser2.Navigate2 along with "javascript:console.log(123)" type of scripts works however

Update#2: The folks over at the selenium project have also noticed this issue:

https://code.google.com/p/selenium/issues/detail?id=8302

A bug report has been created as well:

https://connect.microsoft.com/IE/feedback/details/1062093/installation-of-kb3025390-breaks-out-of-process-javascript-execution-in-ie11

Update#3: IHTMLWindow2.setInterval and IHTMLWindow2.setTimeout also throw UnauthorizedAccess exceptions. These methods are not marked as deprecated in:

http://msdn.microsoft.com/ko-kr/library/windows/desktop/aa741505%28v=vs.85%29.aspx

yet they have wounded up suffering from the same cutbacks all the same.

Update#4: I gave the approach recommended in this post a shot:

https://stackoverflow.com/a/18546866/863651

In order to dynamically invoke the "eval" method of the IHTMLWindow2 object (or any other method really). Got the same "System.UnauthorizedAccessException" as above. So no joy here either.

Microsoft recommends using "eval" over "execscript" however after the above experiment I suspect that they are refering to accessing "eval" only from within the browser.

As far as I can tell thus far, when it comes to the full-fledged IE11+ using "eval" out-of-process (via COM) appears to have been completely prohibited along with any other function-invocation of the window object, the only exception being the back-channel of the .Navigate2() mentioned above.


Solution

  • It turns out Microsoft eventually backpedaled on its decision to kill off .execScript at COM-level. Just install the latest updates for Windows including kb3025390: One of the updates for IE that came after kb3025390 brings back .execScript functionality at COM-level

    Note, however, that .execScript is not accessible through IE's javascript anymore. In that context it's gone for good.