WiseMo Guest Component API
SiteLockTool.exe Reference

SiteLockTool.exe

This command-line utility allows inspecting and managing the list of 
trusted sites built into the control. SiteLockTool.exe can be found 
in the 'tools' folder of the WGuest installation.

Any changes made by SiteLockTool.exe to OCX file will invalidate 
the WiseMo code signature.

Usage

To write new list of allowed sites into the control:
\n <tt> sitelocktool WGuestX.ocx locks.txt </tt>
\n <tt> sitelocktool npWGuest.dll locks.txt </tt>

To show currently allowed sites in the control:
\n <tt> sitelocktool WGuestX.ocx </tt>
\n <tt> sitelocktool npWGuest.dll </tt>

Description

List is provided in UTF8 or ASCII-7 text file that has the following format:


...
allow|deny  file|http|https  *|<domain>|<zone>
trust http|https <domain>
...

allow/deny lines form the ActiveX trusted sites list.

trust lines register domains in the Internet Explorer Trusted Sites security zone. Domain in trust lines cannot have wildcards or other special characters.

zone is one of LOCAL | INTRANET | TRUSTED | INTERNET | UNTRUSTED and stands for IE security zone (supported in Internet Explorer only, with other browsers zone is always INTERNET).

If you want to allow control for "safe" zones, you will have to write line for each, that is 

allow http LOCAL
allow http INTRANET
allow http TRUSTED
allow https LOCAL
allow https INTRANET
allow https TRUSTED

domain can be any domain part of url in accordance with the following format (based on SiteLock 1.15 Template for ActiveX Controls documentation by Microsoft Corporation): 

The record is considered a match if the domain matches the domain of the URL exactly, or if the URL is a sub-domain of an exact match. 
For example:
example.com matches example.com
example.com matches foo.example.com 
example.com does not match myexample.com
example.com does not match www.example.com.hacker.com

If the domain begins with "*." only child domains match.
*.example.com matches bar.example.com
*.example.com does not match example.com

If the domain begins with "=" only the specified domain matches.
=example.com matches example.com
=example.com does not match www.example.com

The wildcard character (*) matches all domains and can be used to create a generic allow rule for a specific protocol scheme. 
You do not need to create a generic deny rule, as all domains are disallowed by default.
When constructing a trusted sites list, consider whether your control might be accessed from a URL without a leading www, 
as "example.com" instead of "www.example.com." 
If matching any subdomain of your site is acceptable (often the desired behavior), "example.com" by itself will do. 
However, to include only "example.com" by itself, create a separate rule using an equal sign, as follows:
allow http =example.com

These rules work in order they are presented in the file.

Starting with state no site is allowed you can add schemes, zones and domains and further exclude some unwanted zones and domains.

Generated by   doxygen 1.8.10