问题描述
下面的代码示例在组策略禁用宏时导致MSWord的本机文档比较功能出现问题: https://docs.microsoft.com/en-us/office/dev/add-ins/design/using-office-ui-fabric-react
为什么MSWord将基本的office.js加载项标识为宏?此helloWorld示例代码中没有宏?具有安全意识的客户不希望为了使用文档比较功能而降低其安全策略。还有另一种方法来抑制这些烦人的消息框,因为要求最终用户在每个文档比较操作上单击“确定”二十次,这是一种糟糕的用户体验。
注意:信任中心中的宏设置没有任何作用,以防止在适当位置使用组策略时显示这些消息框。目前尚不清楚是什么导致此问题的组策略设置,但我怀疑其设置为“阻止宏在Internet上的Office文件中运行”。
目前尚不清楚的是为什么来自应用程序源商店的Wikipedia加载项不会干扰文档比较,而上面的helloWorld示例确实如此。必须有一种信任office.js加载项的方式来抑制此警告,而不必破坏公司的安全策略?
环境:
Microsoft Word for Office 365 MSO(16.0.12527.20612)32位
Windows 10企业版1809
Visual Studio Code 1.48版
Node.js v12.14.1
回购步骤:
-
按照上面有关helloWorld示例的详细文章
-
通过组策略管理应用严格的宏策略(确切的策略设置是未知的。我正在尝试从我们的IT支持部门获取此信息,以准确确定哪个设置触发了这些宏警告-“否”不是信任中心宏设置,因为此设置不会显示/禁止此宏警告)
-
在打开MSWord的情况下(无论侧边栏中是否加载了helloWorld加载项,仅与MSWord关联就足够了)尝试通过[Review]选项卡进行文档比较操作。>
从笔记本电脑中删除公司安全组策略可以解决此问题。重新设置组策略会重新产生问题。尚不清楚此策略中的哪个设置导致了问题。无论该组策略如何,都可以信任应用程序源商店中的Wikipedia加载项。作为最低要求,我们需要向客户提供有关安全约束/设置的详细信息。理想情况下,我想知道Wikipedia加载项是如何被信任的,从而不管组策略设置如何,这些警告都被抑制
更新 将加载项的SSL证书添加到Trusted Publishers存储中没有什么区别。
我尝试了在应用程序源商店中找到的其他一些应用程序,结果不一:
AppName(发布者):结果
维基百科(微软):比较正常工作
Pickit(www.pickit.com):比较被20个宏警告消息框打断的情况
ScriptLab(Microsoft):比较被20个宏警告消息框打断的情况
Microsoft Dynamics(Microsoft):比较正常工作
发布位置或发布者似乎都不会影响比较功能的结果
更新
有趣的更新
上面的组策略详细信息,文档比较操作和manifest.xml文件中的ExtensionPoint xml元素之间似乎发生了意外的交互。如果删除了extensionPoint元素,则在文档比较操作期间将不再显示宏警告。但是,删除此元素意味着我们不再具有通过该图标加载应用程序的图标-迫使最终用户为每个文档重新添加该加载项,但这并不是真正的解决方案。请参见下面的manifest.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<OfficeApp
xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0"
xmlns:ov="http://schemas.microsoft.com/office/taskpaneappversionoverrides"
xsi:type="TaskPaneApp">
<!-- Begin Basic Settings: Add-in metadata,used for all versions of Office unless override provided. -->
<!-- IMPORTANT! Id must be unique for your add-in,if you reuse this manifest ensure that you change this id to a new GUID. -->
<Id>69de862e-09ee-4ec4-85a4-f230fa10cbc0</Id>
<!--Version. Updates from the store only get triggered if there is a version change. -->
<Version>1.0.0.0</Version>
<ProviderName>CompanyX AddIn</ProviderName>
<DefaultLocale>en-US</DefaultLocale>
<!-- The display name of your add-in. Used on the store and various places of the Office UI such as the add-ins dialog. -->
<DisplayName DefaultValue="CompanyX AddIn" />
<Description DefaultValue="CompanyX AddIn for Office 365" />
<!-- Icon for your add-in. Used on installation screens and the add-ins dialog. -->
<IconUrl DefaultValue="https://companyX.com/images/ds_AddIn_80.png" />
<HighResolutionIconUrl DefaultValue="https://companyX.com/images/ds_AddIn_80.png"/>
<!--If you plan to submit this add-in to the Office Store,uncomment the SupportUrl element below-->
<SupportUrl DefaultValue="https://companyX.com/support.html" />
<!--End Basic Settings. -->
<!--Begin TaskPane Mode integration. This section is used if there are no VersionOverrides or if the Office client version does not support add-in commands. -->
<Hosts>
<Host Name="Document" />
</Hosts>
<DefaultSettings>
<SourceLocation DefaultValue="https://companyX.com/index.html" />
</DefaultSettings>
<!-- End TaskPane Mode integration. -->
<Permissions>ReadWriteDocument</Permissions>
<VersionOverrides xmlns="http://schemas.microsoft.com/office/taskpaneappversionoverrides" xsi:type="VersionOverridesV1_0">
<!-- The Hosts node is required. -->
<Hosts>
<!-- Each host can have a different set of commands. -->
<!-- Excel host is Workbook,Word host is Document,and PowerPoint host is Presentation. -->
<!-- Make sure the hosts you override match the hosts declared in the top section of the manifest. -->
<Host xsi:type="Document">
<!-- Form factor. Currently only DesktopFormFactor is supported. -->
<DesktopFormFactor>
<!--"This code enables a customizable message to be displayed when the add-in is loaded successfully upon individual install."-->
<GetStarted>
<!-- Title of the Getting Started callout. resid points to a ShortString resource -->
<Title resid="CompanyX.GetStarted.Title"/>
<!-- Description of the Getting Started callout. resid points to a LongString resource -->
<Description resid="CompanyX.GetStarted.Description"/>
<!-- Point to a url resource which details how the add-in should be used. -->
<LearnMoreUrl resid="CompanyX.GetStarted.LearnMoreUrl"/>
</GetStarted>
<!-- Function file is a HTML page that includes the JavaScript where functions for ExecuteAction will be called.
Think of the FunctionFile as the code behind ExecuteFunction. -->
<FunctionFile resid="CompanyX.DesktopFunctionFile.Url" />
<!-- PrimaryCommandSurface is the main Office Ribbon. -->
<ExtensionPoint xsi:type="PrimaryCommandSurface">
<!-- Use OfficeTab to extend an existing Tab. Use CustomTab to create a new tab. -->
<OfficeTab id="TabHome">
<!-- Ensure you provide a unique id for the group. Recommendation for any IDs is to namespace using your company name. -->
<Group id="CompanyX.Group1">
<!-- Label for your group. resid must point to a ShortString resource. -->
<Label resid="CompanyX.Group1Label" />
<!-- Icons. Required sizes 16,32,80,optional 20,24,40,48,64. Strongly recommended to provide all sizes for great UX. -->
<!-- Use PNG icons. All URLs on the resources section must use HTTPS. -->
<Icon>
<bt:Image size="16" resid="CompanyX.tpicon_16x16" />
<bt:Image size="32" resid="CompanyX.tpicon_32x32" />
<bt:Image size="80" resid="CompanyX.tpicon_80x80" />
</Icon>
<!-- Control. It can be of type "Button" or "Menu". -->
<Control xsi:type="Button" id="CompanyX.TaskpaneButton">
<Label resid="CompanyX.TaskpaneButton.Label" />
<Supertip>
<!-- ToolTip title. resid must point to a ShortString resource. -->
<Title resid="CompanyX.TaskpaneButton.Label" />
<!-- ToolTip description. resid must point to a LongString resource. -->
<Description resid="CompanyX.TaskpaneButton.Tooltip" />
</Supertip>
<Icon>
<bt:Image size="16" resid="CompanyX.tpicon_16x16" />
<bt:Image size="32" resid="CompanyX.tpicon_32x32" />
<bt:Image size="80" resid="CompanyX.tpicon_80x80" />
</Icon>
<!-- This is what happens when the command is triggered (E.g. click on the Ribbon). Supported actions are ExecuteFunction or ShowTaskpane. -->
<Action xsi:type="ShowTaskpane">
<TaskpaneId>ButtonId1</TaskpaneId>
<!-- Provide a url resource id for the location that will be displayed on the task pane. -->
<SourceLocation resid="CompanyX.Taskpane.Url" />
</Action>
</Control>
</Group>
</OfficeTab>
</ExtensionPoint>
</DesktopFormFactor>
</Host>
</Hosts>
<!-- You can use resources across hosts and form factors. -->
<Resources>
<bt:Images>
<bt:Image id="CompanyX.tpicon_16x16" DefaultValue="https://companyX.com/images/ds_AddIn_16.png" />
<bt:Image id="CompanyX.tpicon_32x32" DefaultValue="https://companyX.com/images/ds_AddIn_32.png" />
<bt:Image id="CompanyX.tpicon_80x80" DefaultValue="https://companyX.com/images/ds_AddIn_80.png" />
</bt:Images>
<bt:Urls>
<bt:Url id="CompanyX.Taskpane.Url" DefaultValue="https://companyX.com/index.html" />
<bt:Url id="CompanyX.GetStarted.LearnMoreUrl" DefaultValue="https://go.microsoft.com/fwlink/?LinkId=276812" />
<bt:Url id="CompanyX.DesktopFunctionFile.Url" DefaultValue="https://companyX.com/function-file/function-file.html" />
</bt:Urls>
<!-- ShortStrings max characters==125. -->
<bt:ShortStrings>
<bt:String id="CompanyX.TaskpaneButton.Label" DefaultValue="CompanyX AddIn" />
<bt:String id="CompanyX.Group1Label" DefaultValue="Contract Review" />
<bt:String id="CompanyX.GetStarted.Title" DefaultValue="CompanyX AddIn for Office 365." />
</bt:ShortStrings>
<!-- LongStrings max characters==250. -->
<bt:LongStrings>
<bt:String id="CompanyX.TaskpaneButton.Tooltip" DefaultValue="Start CompanyX AddIn" />
<bt:String id="CompanyX.GetStarted.Description" DefaultValue="CompanyX AddIn add-in loaded successfully. Go to the HOME tab and click the 'CompanyX AddIn' button to get started." />
</bt:LongStrings>
</Resources>
</VersionOverrides>
<!-- End Add-in Commands Mode integration. -->
</OfficeApp>
解决方法
在评估了从应用程序商店(从包括Microsoft在内的各种不同发行商处)下载的大量插件之后,很明显问题出在功能区上。
不使用功能区的加载项不会显示宏警告。在文档比较操作过程中,确实使用了使用上面的安全组策略设置的功能区(自定义功能区或家庭功能区)的加载项会被宏警告所淹没。
当然,客户将不愿减少其安全设置以禁止显示这一系列警告消息框。因此,唯一的解决方案是更改加载项的manifest.xml,使其不使用功能区。