How Do You Mark an ActiveX Control Safe in Scripting?


Heather Bennett

ActiveX controls are a powerful tool for enhancing the functionality and interactivity of web pages. However, due to security concerns, not all ActiveX controls are considered safe to run in scripting environments. In this tutorial, we will explore how to mark an ActiveX control as safe for scripting using HTML.

Why Mark an ActiveX Control Safe in Scripting?

ActiveX controls are essentially small programs that can be embedded within web pages and provide additional functionality, such as multimedia playback or data input. By default, these controls are subject to strict security restrictions imposed by web browsers to protect users from potentially malicious code.

By marking an ActiveX control as safe for scripting, you can bypass these security measures and allow the control to execute scripts within the webpage. This is useful when you have a trusted control that requires scripting capabilities to function properly.

Step 1: Identify the Control

The first step in marking an ActiveX control safe for scripting is identifying the control’s unique identifier (CLSID). The CLSID is a globally unique identifier assigned to each registered COM object on a Windows system.

To find the CLSID of an ActiveX control, follow these steps:

  • Step 1: Open the Windows registry editor by pressing Win + R, typing “regedit”, and pressing Enter.
  • Step 2: Navigate to HKEY_CLASSES_ROOT\CLSID.
  • Step 3: Under the CLSID key, you will find various subkeys corresponding to different COM objects registered on your system. Look for the subkey that represents your Target ActiveX control.
  • Step 4: Once you’ve located the correct subkey, note down its CLSID value. This is the unique identifier that you will use in the next steps.

Step 2: Create a Mark of the Web

In order to bypass scripting restrictions for an ActiveX control, we need to create a “mark of the web” in our HTML file. This mark consists of a specially formatted comment that informs Internet Explorer (or other compatible browsers) that the webpage can be trusted and should allow scripting for specific ActiveX controls.

To create the mark of the web, follow these steps:

  • Step 1: Open your HTML file in a text editor or an integrated development environment (IDE).
  • Step 2: Locate the opening <html> tag at the beginning of your file.
  • Step 3: Insert the following code immediately after the opening <html> tag:

    <!-- saved from url=(0014)about:internet -->

Step 3: Modify Object Tag Attributes

The final step is to modify the attributes of the <object> tag that embeds your ActiveX control in your HTML file. By specifying certain attributes, we can indicate that this control is safe for scripting.

To modify the object tag attributes, follow these steps:

  • Step 1: Locate the <object> tag that embeds your ActiveX control within your HTML file.
  • Step 2: Add the following attributes to the <object> tag:

    classid="clsid:YOUR_CLSID_HERE" codebase="URL_TO_CAB_FILE"

Replace YOUR_CLSID_HERE with the CLSID you obtained in Step 1. Additionally, replace URL_TO_CAB_FILE with the URL to the CAB (Cabinet) file that contains the installation package for your ActiveX control.


If you don’t have a specific CAB file for your control, you can omit the codebase attribute. However, this may limit compatibility with certain versions of Internet Explorer.

An Example of Modified Object Tag

<object classid="clsid:YOUR_CLSID_HERE" codebase="URL_TO_CAB_FILE">

Once you have completed these steps, save your HTML file and open it in a web browser that supports ActiveX controls. The marked control should now be considered safe for scripting and able to execute scripts within your webpage.

Note: Modifying security settings to mark an ActiveX control as safe for scripting should only be done when you are confident about the control’s source and trustworthiness. Using untrusted controls or misconfiguring security settings can expose users to potential security risks.

In Conclusion

In this tutorial, we explored how to mark an ActiveX control as safe for scripting using HTML. By following these steps, you can ensure that trusted controls are able to execute scripts within your web pages, enhancing their interactivity and functionality. Remember to exercise caution when modifying security settings and only mark controls as safe when you fully trust their source.

Discord Server - Web Server - Private Server - DNS Server - Object-Oriented Programming - Scripting - Data Types - Data Structures

Privacy Policy