Introduction to Feature Controls
Feature Controls are new additions to Windows Internet Explorer in Windows XP Service Pack 2 (SP2). A Feature Control enables administrators and developers to turn certain security restrictions on or off. Administrators can use group policy to enable or disable feature controls, and developers can enable or disable feature controls using the CoInternetSetFeatureEnabled function and related APIs.
This article contains the following topics.
- Feature Control Overview
- New for Windows Internet Explorer 7
- Enabling and Disabling Features
- Feature Control Functions
- Feature Control Keys in the Registry
- URL Actions
- Related topics
Feature Control Overview
When a feature control is enabled for a process, the more restrictive behaviors governed by the feature are enforced. When a feature control is not enabled, the less restrictive behaviors are allowed. Some Feature Controls work in conjunction with URL actions and policies. In that case, when the Feature Control is enabled, the URL action determines the behavior of the browser.
Some feature controls can be turned on or off for a specific security zone, and some feature controls apply to any page regardless of zone. (For more information on security zones, see About URL Security Zones). Feature Controls work on a process-by-process basis, so developers hosting the WebBrowser Control can enable or disable security features for the current process without affecting other processes (including Internet Explorer itself). The policies for URL actions are set across all processes.
Administrators can set Feature Controls using group policy. For more information, see Internet Explorer Maintenance Policy.
Windows XP SP2 adds the following feature controls:
Object Caching (FEATURE_OBJECT_CACHING) - This control blocks access to objects instantiated and cached from a different security context than the current page.
Zone Elevation (FEATURE_ZONE_ELEVATION) - This control prevents navigation to a page in the Trusted Sites or My Computer zone if the current page is not already in that zone.
Mime Handling (FEATURE_MIME_HANDLING) - When a file is downloaded, this control checks the file name extension, the Content Type, and Content Disposition in the HTTP header, and the file's signature bits. Files with inconsistent information may be renamed to a safer file name extension. Any files that remain mismatched may be blocked from running on the user's system.
Mime Sniffing (FEATURE_MIME_SNIFFING) - This control enables checks to the signature bits of downloaded files in order to determine the file's type and render it properly.
Window Restrictions (FEATURE_WINDOW_RESTRICTIONS) - This control forces pop-up windows to remain in the viewable desktop area, display a status bar, and not draw their borders outside the viewable area of the screen. It ensures that browser windows cannot overlay important information in their parent windows, or in system dialogs. If enabled, windows may be restricted, depending on the URL Action for the page.
Popup Management (FEATURE_WEBOC_POPUPMANAGEMENT) - This control enables applications hosting the WebBrowser Control to use Internet Explorer's default pop-up blocker.
Binary Behaviors (FEATURE_BEHAVIORS) - This control disables binary behaviors.
Local Machine Lockdown (FEATURE_LOCALMACHINE_LOCKDOWN) - This control applies Local Machine Zone settings to all local content. For more information, see About URL Security Zones
Restrict ActiveX Install (FEATURE_RESTRICT_ACTIVEXINSTALL) - This control allows applications hosting the WebBrowser Control to opt in to blocking new ActiveX controls, and prevents installation of updates for ActiveX controls that are not already installed. If FEATURE_SECURITYBAND is on, the Information Bar will appear when an ActiveX control is blocked, to enable the user to unblock it.
Block Loading COM Objects as ActiveX Controls (FEATURE_ACTIVEX_REPURPOSEDETECTION) - This control allows an application hosting the WebBrowser Control to control the repurposing of COM controls as ActiveX controls. Determines whether to perform ActiveX re-purpose detection, which tests whether the control is safe to be hosted.
Restrict File Download (FEATURE_RESTRICT_FILEDOWNLOAD) - This control allows an application hosting the WebBrowser Control to take advantage of Internet Explorer's functionality that prevents file downloads not initiated by user action. If FEATURE_SECURITYBAND is on, the Information Bar will appear, to enable the user to unblock the download.
Add-on Management (FEATURE_ADDON_MANAGEMENT) - This feature control key enables applications hosting the WebBrowser Control to get Internet Explorer's Add-on Manager functionality. Add-ons disabled by the user or by administrative group policy will also be blocked in any application specified in the Feature_Addon_Management key.
Protocol Lockdown (FEATURE_PROTOCOL_LOCKDOWN) - This control restricts selected protocols from performing URL actions in some security zones. A list of restricted protocols is maintained for each zone.
Security Band (FEATURE_SECURITYBAND) - This control enables applications hosting the WebBrowser Control to show the default Internet Explorer Information Bar when file download or code installation is restricted.
New for Windows Internet Explorer 7
Tabbed Browsing (FEATURE_TABBED_BROWSING) - This feature controls whether users can organize and manage groups of Web pages as multiple tabs in the same application window.
Improved SSL User Experience (FEATURE_SSLUX) - This feature suppresses Microsoft Win32 Internet (WinInet) dialogs on the first occurrence of Secure Sockets Layer (SSL) errors.
Quiet Navigation (FEATURE_DISABLE_NAVIGATION_SOUNDS) - This control disables the sound that is produced when clicking on links.
Enhanced HTTP Header Compression (FEATURE_DISABLE_LEGACY_COMPRESSION) - This feature deactivates the legacy compression architecture, and consolidates manipulation of HTTP data into one location. The new architecture provides consistency between transfer encoding (such as HTTP no-cache headers) and content encoding.
Mandatory Address and Status Bar (FEATURE_FORCE_ADDR_AND_STATUS) - This feature forces new windows to include a read-only address and status bar to minimize spoofing.
Block User Input Dialogs (FEATURE_BLOCK_INPUT_PROMPTS) - This feature allows the pop-up blocker to dismiss prompt dialogs to minimize spoofing.
Built-in XMLHttpRequest (FEATURE_XMLHTTP) - This feature control enables native scripting support for XMLHTTP from the window object. See XMLHttpRequest for details.
Enabling and Disabling Features
There are two ways to enable (opt into) and disable (opt out of) Windows Internet Explorer Feature Controls:
- Feature Control Functions
- Feature Control Keys in the Registry
Feature Control Functions
Some Feature Controls can be set at run time (programmatically) with the CoInternetSetFeatureEnabled function. This function takes three parameters:
- an enum value from the INTERNETFEATURELIST enumeration that identifies the control being set
- a flag that indicates whether the feature is being set on the current thread, process, or for a particular zone
- a Boolean value that indicates whether the Feature Control is being enabled or disabled
In the following example, the code enables the Binary Behaviors Feature Control in the current process.
HRESULT hr = CoInternetSetFeatureEnabled(FEATURE_BEHAVIORS, SET_FEATURE_ON_PROCESS, TRUE);
CoInternetIsFeatureEnabled enables developers to determine whether the specified control is set for the current process or thread, or for a particular zone. This function takes just two parameters:
- an enum value from the INTERNETFEATURELIST enumeration
- a flag that indicates whether the feature setting is being checked for the current process or thread, or for a particular zone
For example, the following code retrieves the setting for the Binary Behaviors Feature Control for the current process. CoInternetIsFeatureEnabled returns S_OK if the feature is enabled, and S_FALSE if the feature is not enabled. Note that the FAILED and SUCCEEDED macros commonly used for checking HRESULTs do not work here; you need to check the return value explicitly.
HRESULT hr = CoInternetIsFeatureEnabled(FEATURE_BEHAVIORS, GET_FEATURE_FROM_PROCESS);
if (S_FALSE == hr)
{
MessageBox("The Binary Behavior control is disabled");
}
Calling CoInternetSetFeatureEnabled will not save the new setting for the Feature Control in the Windows registry, even if the process is listed under the control name in the registry.
Feature Control Keys in the Registry
Any of the Feature Controls can be enabled or disabled in the registry, even those that do not appear in INTERNETFEATURELIST. Some Feature Controls (such as FEATURE_LOCALMACHINE_LOCKDOWN) cannot be effectively enabled at run time and require a registry setting.
For example, the FEATURE_BLOCK_LMZ_SCRIPT feature of Windows Internet Explorer 7 blocks script access from the user's local file system, but it is not defined as an enumerated value. To enable this feature for your process:
- Open HKLM or HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl key in the registry.
- Create a subkey for
FEATURE_BLOCK_LMZ_SCRIPT
, if it doesn't already exist. - Add a new REG_DWORD value for your process name and set its value to
1
.
The following registry key opts in to the FEATURE_BLOCK_LMZ_SCRIPT Feature Control for the ProcessName.exe
process.
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)
SOFTWARE
Microsoft
Internet Explorer
Main
FeatureControl
FEATURE_BLOCK_LMZ_SCRIPT
ProcessName.exe = 0x00000001
You can also disable and enable Feature Controls for Internet Explorer by creating an entry (as above) for iexplore.exe
and setting the REG_DWORD value to 0
.
Many Feature Control keys can also be controlled by network administrators by using Group Policy. When a group policy is modified, a value similar to the one above is written to the policy hive in the Windows registry. Because Feature Controls can be configured in multiple places, Internet Explorer will look for values in the following order of precedence:
- HKEY_LOCAL_MACHINE policy hive (administrative overrides)
- HKEY_CURRENT_USER policy hive
- HKEY_CURRENT_USER preference hive
- HKEY_LOCAL_MACHINE preference hive (system default settings)
URL Actions
Some Feature Controls work in conjunction with URL Actions. A URL Action is a security setting that applies to a browser activity. It represents a very specific security behavior, such as URLACTION_SCRIPT_RUN, that determines whether script code can be run on a page loaded by the browser. Every security zone may have a different setting for each URL Action. The URL Action settings for a zone determine the behavior of pages that are loaded from that zone. For more information on URL Actions, see About URL Security Zones Templates.
Some of the Feature Controls are used to determine whether associated URL Actions apply to zones in the current process. When the Feature Control is turned off, the URL Action does not apply to pages loaded by the browser. When the Feature Control is enabled, the current setting for the URL Action applies.
The setting for a URL Action is known as a URL Policy. In general, most URL Actions have at least three valid URL policies: URLPOLICY_ALLOW, URLPOLICY_DISALLOW, and URLPOLICY_QUERY. Allow and Disallow are used to enable or disable the URL Action behavior; Query enables the browser to present a dialog to the user asking for permission to use the feature associated with the URL Action. For example, when URLACTION_SCRIPT_RUN is set to URLPOLICY_QUERY, the browser prompts the user when a page is loaded that contains a script, and asks whether the script should be run.
For a list of default URL Policies for each zone, see About URL Security Zones Templates.
The Feature Controls and their related URL Actions are:
Protocol Lockdown (FEATURE_PROTOCOL_LOCKDOWN)
URLACTION_ALLOW_RESTRICTEDPROTOCOLS
Restrict ActiveX Install (FEATURE_RESTRICT_ACTIVEX_INSTALL)
URLACTION_AUTOMATIC_ACTIVEX_UI
Block Loading COM Objects as ActiveX Controls (FEATURE_ACTIVEX_REPURPOSEDETECTION)
URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION
Restrict File Download (FEATURE_RESTRICT_FILEDOWNLOAD)
URLACTION_AUTOMATIC_DOWNLOAD_UI
Binary Behaviors (FEATURE_BEHAVIORS)
URLACTION_BEHAVIOR_RUN
Mime Sniffing (FEATURE_MIME_SNIFFING)
URLACTION_FEATURE_MIME_SNIFFING
Zone Elevation (FEATURE_ZONE_ELEVATION)
URLACTION_FEATURE_ZONE_ELEVATION
Window Restrictions (FEATURE_WINDOW_RESTRICTIONS)
URLACTION_FEATURE_WINDOW_RESTRICTIONS
URL Policies are examined and set programmatically using the IInternetZoneManager and IInternetZoneManagerEx interfaces.
Note: Calling IInternetZoneManager::SetZoneActionPolicy on the default Zone Manager interface (created by the CoInternetCreateZoneManager function) will set the new URL Policy in the registry. Any subsequent process that hosts the WebBrowser Control inherits the new security setting. To avoid affecting other processes, it is recommended that you implement a custom zone manager in order to change URL policies for your process.
Windows XP SP2 provides a new function, CoInternetIsFeatureEnabledForUrl, that enables developers to determine whether a Feature Control is enabled and which URL Policy is set for the specified URL Action, for the given URL.
In the following example, CoInternetIsFeatureEnabledForUrl returns S_OK if the Feature Control is enabled and if the associated URL Action (if any) is set to something other than URLPOLICY_ALLOW. If the URL Policy allows the specified URL Action, CoInternetIsFeatureEnabledForUrl returns S_FALSE. It also returns S_FALSE if the control is disabled, allowing the risky behavior. CoInternetIsFeatureEnabledForUrl returns S_FALSE when it cannot guarantee that the risky behavior in question is disabled for the specified page.
LPCWSTR szUrl = L"https://msdn.microsoft.com";
IInternetSecurityManager* pSecurityManager = NULL;
HRESULT hr = CoInternetCreateSecurityManager(NULL, &pSecurityManager, NULL);
if (SUCCEEDED(hr))
{
HRESULT hr2 = CoInternetIsFeatureEnabledForUrl(FEATURE_BEHAVIORS, GET_FEATURE_FROM_THREAD_INTRANET, szUrl, pSecurityManager);
if (S_FALSE == hr2)
MessageBox("The Binary Behaviors Feature Control is disabled.");
}
if (pSecurityManager != NULL) pSecurityManager->Release();
Related topics
Reference
Conceptual