What can't I use when UseSafeSubset is true?


When I use an MSScriptControl in VB6, and set UseSafeSubset = True, what kind of things can't I do? I mean, what Controls can't I use? Or maybe some core Objects can't be instantiated or used? Maybe I can't CRUD files? I need a definitive list, please.

This thread tells of a special flag in the registry that sets which controls are blocked when UseSafeSubset = True, but it doesn't elaborate on it. It says it should be easy to search, but two days of Googling found nothing.


There is 1 answer

bill On

VBScript had all unsafe commands from VBA removed. So no file or registry access. Only CreateObject/GetObject can affect the system.

From Help (MsScript.hlp in C:\Windows\System32)

Remarks

The scripting engine in use determines if, and when, the UseSafeSubset property is set. If no language is specified (Language property), the UseSafeSubset can be set at any time.

The objects and procedures that can't be used when UseSafeSubset is True are identical to those restricted by the browser's highest security setting.

The Browser uses this (and IOleSafety). From MSDN Oct 2001

As mentioned previously, Internet Explorer examines the system registry to determine whether a control is safe for initialization and/or scripting. Internet Explorer examines the registry by calling the ICatInformation::IsClassOfCategories method to determine if the control supports the given category (safe for initializing or safe for scripting).

If a control uses the Component Categories Manager to register itself as being safe, the registry entry for that control contains an Implemented Categories key, which contains one or two subkeys. One subkey is set if the control supports safe initialization, and the other subkey is set if the control supports safe scripting. The safe initialization subkey corresponds to CATID_SafeForInitializing; the safe scripting subkey corresponds to CATID_SafeForScripting. (Unlike the other subkeys for the component categories that are defined in the Comcat.h file, the subkeys for safe initialization and scripting are defined in Objsafe.h.)

See URL Security Zones for what is restricted. This is the High Template (aka Restricted Zone).

| URL action | URL policy |
| --- | --- |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_RUN | URLPOLICY_DISALLOW |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT |
| URLACTION_COOKIES | URLPOLICY_DISALLOW |
| URLACTION_COOKIES_SESSION | URLPOLICY_DISALLOW |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_MUST_PROMPT_USER |
| URLACTION_CROSS_DOMAIN_DATA | URLPOLICY_DISALLOW |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_DISALLOW |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_DISALLOW |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_QUERY |
| URLACTION_HTML_SUBFRAME_NAVIGATE | URLPOLICY_DISALLOW |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_QUERY |
| URLACTION_HTML_USERDATA_SAVE | URLPOLICY_DISALLOW |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_HIGH |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_DISALLOW |
| URLACTION_SCRIPT_PASTE | URLPOLICY_DISALLOW |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW |
| URLACTION_SCRIPT_SAFE_ACTIVEX | URLPOLICY_DISALLOW |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_DISALLOW |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_DISALLOW |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_QUERY |
| URLACTION_SHELL_VERB | URLPOLICY_DISALLOW |
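
The Implemented Categories layout described in the MSDN excerpt above can be audited offline. This is an added example, not part of the original answer and not Microsoft code: it parses the text of a `reg export HKCR\CLSID` file and reports which classes register the safe-for-scripting and safe-for-initializing categories. The two CATID values are the well-known ones from Objsafe.h (they are not quoted on this page); the sample export, its CLSIDs and the function names are constructed for illustration.

```python
import re

# CATIDs from Objsafe.h (well-known values, not quoted on the page)
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
CATID_SAFE_FOR_INITIALIZING = "{7DD95802-9882-11CF-9FA9-00AA006C42C4}"

# Section header of a .reg export: [HKEY_CLASSES_ROOT\CLSID\{clsid}\optional\subkey]
_HEADER = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]{36}\})(?:\\(.+))?\]$", re.IGNORECASE)
_PREFIX = "IMPLEMENTED CATEGORIES\\"

# Constructed sample export; the CLSIDs and names are made up for illustration.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Constructed.SafeControl"
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}]
@="Constructed.FileHelper"
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\example\\helper.dll"
[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\Implemented Categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}]
"""

def safety_categories(reg_text):
    """Map every CLSID in the export to the safety categories it registers."""
    result = {}
    for line in reg_text.splitlines():
        m = _HEADER.match(line.strip())
        if not m:
            continue  # value line, blank line or file banner
        flags = result.setdefault(
            m.group(1).upper(), {"scripting": False, "initializing": False})
        sub = (m.group(2) or "").upper()
        if sub.startswith(_PREFIX):
            catid = sub[len(_PREFIX):]
            flags["scripting"] |= catid == CATID_SAFE_FOR_SCRIPTING
            flags["initializing"] |= catid == CATID_SAFE_FOR_INITIALIZING
    return result

def not_marked_safe_for_scripting(reg_text):
    """CLSIDs that do not register CATID_SafeForScripting in the registry."""
    return sorted(c for c, f in safety_categories(reg_text).items()
                  if not f["scripting"])

if __name__ == "__main__":
    for clsid, flags in sorted(safety_categories(SAMPLE).items()):
        print(clsid, flags)
```

`reg export` writes UTF-16, so read a real export with `open(path, encoding="utf-16")`. A control can also declare safety at run time through IObjectSafety, which a registry export does not show, so the registry result is a lower bound on what is marked safe.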