Exploring Windows Desktop Gadgets #2 – security and limitations
In this post (second in Exploring Windows Desktop Gadgets series) I’m going to dive deeper into Windows Desktop Gadgets platform and cover its security model and some limitations.
First of all, let me repeat that gadget is a client-side web-application running in chromeless mode on your desktop. It’s similar to HTA but provides a whole new set of functionality and also has some restrictions compared to HTA.
Gadgets security model
But as gadgets are installed by user, so it’s his choice to run them, all functionality that MSHTML can provide is enabled (*). MSDN says:
The MSHTML runtime is configured with the set of permissions given to HTAs or the Local Machine Zone security configuration.
This rises a very important point – don’t install gadgets from non trusted sources. Or if you do, please inspect the code before you install the gadget. As Gadget runs under current user account, it won’t be able to delete system32 directory or do any other critical damage to the system. But it will surely succeed in deleting your documents or photos.
And of course, as any other Microsoft technology, Gadgets can be fully controlled by Group Policy.
The main limitation to me is that there’re no modal dialogs. No alerts, no window.confirm, nothing. So if you want to do a quick debug, you have to dump data to the document itself or use a script debugger.
In one of the next posts on this topic I will cover debugging gadgets.