|
Sub Minimize()
Minimizes the window.
Sub Move(XPos As Long, YPos As Long, Width As Long, Height As Long)
Moves the window to a given screen position (starting from the 0:0 coordinate corresponding to the top left of the primary display). The Width and Height arguments are optional, and allow to set the position and size of the window in a single step.
Sub PlaySound(File As String, Wait As Boolean)
Plays a sound file in Windows wave format (WAV). For maximum compatibility with older versions of Windows (including Windows 95), WAV sound files should be saved using either the Windows PCM (uncompressed pulse code modulation) codec or the Microsoft ADPCM (slightly lossy 4:1 compression) codec. This method does normally not interrupt any previously-playing sound. In order to interrupt a sound the method must be invoked with an empty file name, after which the method can be invoked again to play a new sound. If the Wait argument is true, the function returns only after the sound file has been played to its end. The default value is False (the function returns immediately).
Sub Restore()
Restores the window (which may be in a minimized or maximized state) to its default open size.
Sub SetNV(VariableName As String, Value as String)
Defines a MenuBox nonvolatile variable within the publisher's namespace, if not already defined, and sets its value. The variable is stored in the system registry for the current user and is persistent across reboots. The variable can be read with the GetNV method.
The maximum length of a nonvolatile variable name is 254 characters. Quote, slash and backslash characters are not allowed (if used, """, "/", "\" and ":" are converted to underscore characters). The maximum size of the value is 2048 characters.
If the value is set to a null string, then the nonvolatile MenuBox variable, if it existed, is deleted. Once the last variable set by a publisher is deleted, the entire registry key containing it is also deleted with it, restoring the user's registry to a "clean" state, i.e. as it was before the first variable was set.
This function can be disabled (e.g. for security considerations when opening pages in unknown and untrusted internet sites) by setting the NoRegistry key.
Sub Size(Width As Long, Height As Long)
Sets the size of the window.
Properties:
Property Architecture As String
Returns the architecture of the host operating system, i.e. "x86" or "x64".
Property Language As String
Returns a two-letter language code string as per ISO 639-1 (e.g. "en" for English, "de" for German, "es" for Spanish, "fr" for French, "it" for Italian, etc.) indicating the current user locale. If the current user locale is unknown, "en" is returned.
Property Medium As Long
Returns a single integer value indicating the type of medium from which MenuBox is running. Possible values are 0 (medium type cannot be determined), 1 (error determining medium type), 2 (removable media, e.g. floppy disk or removable hard disk), 3 (non-removable disk), 4 (network drive), 5 (CD or DVD) and 6 (RAM disk).
Property MenuBoxVersion As Long
Returns a single integer value consisting of the major program version number multiplied by 100, plus the minor version number (which is always in the range from 0 to 99). For example, version "2.0" (the first version implementing the MenuBox Extended DOM) is returned as 200. Version 12.34 would return a value of 1234, etc.
Property Title As String
Gets or sets the title of the MenuBox browser container window.
Playing Safe: Object Detection and Fallback
The functionality provided by the MenuBox Extended DOM is only available on Windows 98 or higher, or if Internet Explorer 4 or higher was installed on older systems. Invoking functions such as window.external.close() from Windows 95 or Windows NT 4.0 with Internet Explorer 3 will result in a script error (earlier versions of Internet Explorer were neither widespread nor did they support scripting). This can be avoided either by using object detection code as shown below, or by using the MenuBoxBrowser key in the [ApplicationCheck] section to verify that Advanced functionality is supported.
MenuBox includes a redistributable JavaScript (also referred to as ECMAScript and JScript) file named menubox.js, which defines a set of intermediate JavaScript functions which invoke the corresponding MenuBox functions only if the MenuBox Extended DOM is available. The menubox.js JavaScript file should be referenced by means of a SCRIPT element inside the HEAD element of an HTML document.
<head> ... <script language="JavaScript" fptype="menubox" src="menubox.js"></script> </head>
The intermediate JavaScript functions, such as menubox_close(), can safely be used instead of window.external.close(), regardless of operating system and browser version. In the worst case, i.e. if the MenuBox Extended DOM is unavailable, the script invokes similar functionality, which however usually requires user confirmation before a window is closed or a file is executed or saved (e.g. "The Web page you are viewing is trying to close the window. Do you want to close this window?" and "Would you like to open the file or save it to your computer?").
The JavaScript code has been tested not only in MenuBox (on systems with Internet Explorer 3 and higher), but also with different versions of Internet Explorer, Netscape Navigator, and Opera. Some versions of the Microsoft FrontPage Preview mode browser have a known problem with object detection code, and may display a script error message (which does not otherwise affect document editing or preview). The above example includes an fptype tag, which is used by FrontPage, and which is ignored by the browser.
Security Considerations
The MenuBox Extended DOM allows HTML code to perform certain actions that are normally reserved to binary applications (such as, for example, non-HTML AutoRun tools). Whereas this does not introduce any new security implications when running in a local context (e.g. CD or DVD AutoRun), this is normally considered "dangerous" when running in an untrusted internet context (e.g. MenuBox used to operate a kiosk with general internet access).
The MenuBox Extended DOM inherits and is bound by the security privileges of the MenuBox application itself. More specifically, because the MenuBox redistributable runtime code is digitally signed with Microsoft Authenticode technology, MenuBox is bound by the policies which apply to signed applications.
When a user and/or an administrative policy allow the MenuBox executable to run (from a CD or DVD, or after software installation, etc.), that implies that MenuBox has been trusted and authorized to act as a menu-like front-end for opening certain known documents and programs. This is perfectly fine, and would apply in exactly the same way to any installed or AutoRun-launched application. Because normal web browsers were designed to protect the user from executing unknown and potentially malicious code in an unknown internet environment, rather than being deployed in a controlled distribution, much of the "trusted" functionality is normally not accessible to Dynamic HTML content, which is not even allowed to close the browser window without a warning message being displayed to the user (not to mention running an executable file). When operating in this context, the MenuBox Extended DOM provides a useful extension to the functionality which is normally accessible to HTML code, allowing the browser container to operate like a binary application, without introducing new security risks compared to other applications.
The GetRegistry method of the MenuBox Extended DOM gives read-only access to registry keys and values, with functionality being limited to checking whether a key exists and to read an existing value. In consideration of possible security concerns, MenuBox offers no functionality to write to an arbitrary registry location.
The GetNV and SetNV methods of the MenuBox Extended DOM provide read/write access to nonvolatile variables. This information is stored in the current user's registry, inside a publisher-specific subkey (a publisher is a MenuBox licensee with a unique software license key) stored inside a MenuBox-specific key (effectively, a sandbox).
In consideration of possible security concerns, the name of the variables is both normalized (""", "/", "\" and ":" are converted to underscore characters) and truncated after 254 characters to help prevent potential buffer overrun, key traversal and other exploits. A maximum size of 2048 bytes is enforced for all values. As is the case with public Windows registry key, any application that can read or write to the system registry can access or modify these variables, which are simple and accessible by design.
If MenuBox is used to operate a kiosk-like environment with general access to untrusted internet sites, then it would in theory be possible, for example, for a malicious person to access the kiosk and deliberately open an internet page containing malicious code, and execute that code via the MenuBox Execute function. On newer versions of Windows (Windows XP SP1 and higher) this attempted execution of code originating from the internet would in turn trigger the display of a warning message. When operating in such an untrusted context it is in general recommended to disable such functionality by setting the MenuBox NoExecute key. It would in theory also be possible to use the SetNV function to write a large number of nonvolatile variables, with the potential to fill up the registry. This can be prevented by setting the NoRegistry key, which at the same time also blocks all registry access, including the read-only access provided by the GetRegistry method.
«
| 
