IInternetSecurityManager::ProcessUrlAction method

Determines the policy for the specified action and displays a user interface, if the policy indicates that the user should be queried.


HRESULT ProcessUrlAction(
  [in]  LPCWSTR pwszUrl,
  [in]  DWORD   dwAction,
  [out] BYTE    *pPolicy,
  [in]  DWORD   cbPolicy,
  [in]  BYTE    *pContext,
  [in]  DWORD   cbContext,
  [in]  DWORD   dwFlags,
  [in]  DWORD   dwReserved


  • pwszUrl [in]
    A constant pointer to a wide character string that specifies the URL.

  • dwAction [in]
    A DWORD that specifies the action to be performed. This can be one of the URL Action Flags values.

  • pPolicy [out]
    Required. A pointer to a buffer that receives the policy and action for the specified URL. This must be one of the URL Policy Flags values.

  • cbPolicy [in]
    A DWORD that specifies the size of the buffer pPolicy.

  • pContext [in]
    A pointer to a buffer that contains the context information (a CLSID) used by the delegation routines. Can be set to NULL.

  • cbContext [in]
    A DWORD that specifies the size of the buffer cbContext.

  • dwFlags [in]
    A DWORD that specifies a PUAF enumeration value or values.

  • dwReserved [in]
    Reserved. Must be set to NULL.

Return value

Returns one of the following values.

Return code Description

Success. The URL policy is URLPOLICY_ALLOW.


Found a valid URL policy that is not URLPOLICY_ALLOW.


There is not enough memory to complete the operation.


URI is null.


Failed to initialize the ZoneManager.



This method can also return an HRESULT derived from the Microsoft Win32 error code ERROR_NOT_FOUND to indicate that the URL action cannot be read from the registry.

Security Warning: Incorrect implementation this method can compromise the security of your application. A custom implementation of IInternetSecurityManager::ProcessUrlAction should only process URL actions that the default application cannot or should not handle. For all other URL actions, this method should return INET_E_DEFAULT_ACTION. Attempting to duplicate the default implementation might result in incorrectly processing URL actions and might leave users susceptible to elevation of privilege attacks. Review Security Considerations: URL Security Zones API before continuing.

Microsoft Internet Explorer 6 for Windows XP Service Pack 2 (SP2) and later. Use the CoInternetIsFeatureEnabledForUrl function instead of this method to determine the URL policy for the URLACTION_FEATURE_MIME_SNIFFING URL action, the URLACTION_FEATURE_WINDOW_RESTRICTIONS URL action, or the URLACTION_FEATURE_ZONE_ELEVATION URL action.

Note  If you create your own implementation of this method, you must set the pPolicy value before you return a success code (S_OK or S_FALSE).



Minimum supported client

Windows XP

Minimum supported server

Windows 2000 Server



See also