ActiveX is a Microsoft component object technology enabling Windows programs to load and use other programs or objects at runtime. ActiveX controls are basically subprograms launched by the browser that can interact with page content. For example, if a <textarea> provided insufficient editing capabilities for a particular task, the page author might include an ActiveX control that provides an editor interface similar to that of MS Word.
While on the surface ActiveX controls might seem a lot like Java applets, the two technologies are not at all alike. For one, once an ActiveX control is installed on the user’s machine, it is given greater access to the local system. This loosened security stance means that controls can access and change files, and do all manner of other powerful yet potentially unsavory things. Since ActiveX controls are executable code, they are built for a specific operating system and platform. This means that they are minimally supported outside of Internet Explorer, and not at all outside of Windows.
Whereas Java applets are downloaded when they are needed, ActiveX controls are, like plug-ins, persistent once they are installed. This installation process is often automatic, which is both good and bad. It is good in the sense that it obviates the need to have the user manually install a required component. But it is also a security risk because most users could be easily fooled into accepting the installation of a malicious control. We’ll have more to say about the security of ActiveX controls in Chapter 22.
Including ActiveX Controls
An ActiveX control is embedded in the page using an <object> tag with the classid attribute specifying the GUID (Globally Unique Identifier) of the ActiveX control you wish to instantiate. The syntax is similar to that of the <object> syntax for the inclusion of applets. Parameters are passed using <param> elements, and anything included between the <object>'s opening and closing tags is processed by non-<object>-aware browsers; for example:
This example defines an embedded Flash file for use with an ActiveX control. In general, ActiveX controls have classid attributes beginning with “clsid:”. We saw another possibility in a previous section, where the classid began with “java:”. The classid attribute specifies the unique identifier of the control for which the data is intended. The classid value for each ActiveX control is published by the vendor, but it is also commonly inserted by Web development tools such as Macromedia Dreamweaver (www.macromedia.com/dreamweaver).
The final item of note is the codebase attribute specifying the version of the ActiveX binary that is required for this particular object. The classid and codebase attributes serve the function that manual probing of plug-ins does under Netscape. If the user’s machine doesn’t have the required control or version, the user will be prompted to download it from the given location.
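As an added example (not from the original text), the following Python code inventories the <object> embeds in a page the way a defender reviewing it might: it classifies each classid by its prefix (clsid: or java:), reads the required version from the codebase URL, and flags ActiveX download sources that are not HTTPS or not on an allowlist. The sample markup, the placeholder CLSID, the example.com hosts, the function and flag names, and the parsing of a #version= fragment on the codebase URL are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample markup (placeholder CLSID and hosts, not from the original page).
SAMPLE_HTML = """
<object classid="clsid:00000000-0000-0000-0000-000000000000"
        codebase="http://downloads.example.com/control.cab#version=6,0,0,0">
  <param name="movie" value="demo.swf">
</object>
<object classid="java:Demo.class" width="100" height="100"></object>
"""

class ObjectCollector(HTMLParser):
    """Collect each <object> element with its classid, codebase and nested <param> values."""
    def __init__(self):
        super().__init__()
        self.objects, self._open = [], []  # all objects seen, and the currently open ones

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "object":
            entry = {"classid": a.get("classid", ""), "codebase": a.get("codebase", ""), "params": {}}
            self.objects.append(entry)
            self._open.append(entry)
        elif tag == "param" and self._open:
            self._open[-1]["params"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._open:
            self._open.pop()

def audit_objects(html, allowed_hosts):
    """Classify every <object> by classid prefix and flag risky ActiveX download sources."""
    collector = ObjectCollector()
    collector.feed(html)
    findings = []
    for obj in collector.objects:
        scheme = obj["classid"].split(":", 1)[0].lower()
        kind = {"clsid": "activex", "java": "java"}.get(scheme, "other")
        url = urlsplit(obj["codebase"])
        version = url.fragment[len("version="):] if url.fragment.startswith("version=") else None
        flags = []
        if kind == "activex" and obj["codebase"]:
            if url.scheme != "https":  # control binary fetched over an unauthenticated channel
                flags.append("codebase-not-https")
            if (url.hostname or "") not in allowed_hosts:
                flags.append("codebase-host-not-allowlisted")
        findings.append({"kind": kind, "classid": obj["classid"], "host": url.hostname,
                         "version": version, "params": obj["params"], "flags": flags})
    return findings
```

Calling audit_objects(SAMPLE_HTML, {"intranet.example.com"}) reports the first object as an ActiveX embed with both flags set and the second as a Java applet with none.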