Hi My app hosts a web browser ctrl in a MFC CHtmlView with a custom control-site implementing IInternetSecurityManager. ProcessUrlAction() is implemented as: { METHOD_PROLOGUE(COleControlSiteEx, InternetSecurityManager) DWORD dwPolicy = URLPOLICY_ALLOW; if ( cbPolicy >= sizeof (DWORD)) { *(DWORD*) pPolicy = dwPolicy; return S_OK; } else return S_FALSE; } Inside the browser runs a page with some vbscript that calls back into the app's object model obtained through window.external. This all works great on IE6, but it doesn't work on IE7, must be something with the new security model, but I could not find any info related to window.external restrictions... Any advice would be appreciated! Bart van Haaff
