Determines the policy for a specified action and displays a prompt, if the policy calls for one.
HRESULT ProcessUrlActionEx2( [in] IUri *pUri, [in] DWORD dwAction, [out] BYTE *pPolicy, [in] DWORD cbPolicy, [in] BYTE *pContext, [in] DWORD cbContext, [in] DWORD dwFlags, [in] DWORD dwReserved, [out] DWORD *pdwOutFlags );
A pointer to an IUri interface that specifies the URL.
A DWORD that specifies the action to be performed. This can be one of the URL Action Flags values.
Required. A pointer to a buffer that receives the policy and action for the specified URL. This must be one of the URL Policy Flags values.
DWORD that specifies the size of the buffer pPolicy. Should be at least sizeof(DWORD).
A pointer to a buffer that contains the context information (a CLSID) used by the delegation routines. Can be set to NULL.
A DWORD that specifies the size of the buffer pContext, or 0 if pContext is NULL.
A DWORD that specifies a PUAF enumeration value or values.
Reserved. Must be set to NULL.
A pointer to a DWORD that gets the PUAFOUT value that specifies whether the lockdown zone was used.
Returns one of the following values.
Success. The URL policy is URLPOLICY_ALLOW.
Found a valid URL policy that is not URLPOLICY_ALLOW.
There is not enough memory to complete the operation.
URI is null.
Failed to initialize the ZoneManager.
This method can also return an HRESULT derived from the Microsoft Win32 error code ERROR_NOT_FOUND to indicate that the URL action cannot be read from the registry.
If FEATURE_PROTOCOL_LOCKDOWN is enabled for the current process, and URLACTION_ALLOW_RESTRICTEDPROTOCOLS is set to URLPOLICY_DISALLOW or URLPOLICY_QUERY for the zone of the URL, the caller can indicate that the URL value can be read from the lockdown zone. It can indicate whether it read the policy from the default security zone or from the Lockdown_Zones registry key. IInternetSecurityManagerEx2::ProcessUrlActionEx2 can inform the caller about the choice of zone setting made through the PUAFOUT flags parameter.
Security Warning: Incorrect implementation of this method can compromise the security of your application. A custom implementation of ProcessUrlActionEx should only process URL actions that the default application cannot or should not handle. For all other URL actions, this method should return INET_E_DEFAULT_ACTION. An attempt to duplicate the default implementation can result in incorrectly processing of URL actions and might leave users susceptible to elevation of privilege attacks. Review Security Considerations: URL Security Zones API before you continue.
Note If you create your own implementation of this method, you must set the pPolicy value before you return a success code (S_OK or S_FALSE).
Minimum supported client
Windows XP with SP2
Minimum supported server
Windows Server 2003 with SP1
Internet Explorer 7