Mind Your Parameters

A recent blog post reminded me that I should blog about a bad pattern we saw a few months back while trying to fix some application compatibility bugs with IE10. It turns out that a lot of applications that want to invoke a webpage call ShellExecute without reading the documentation for the parameters of that function.

   HINSTANCE ShellExecute(
  __in_opt HWND hwnd,
  __in_opt LPCTSTR lpOperation,
  __in LPCTSTR lpFile,
  __in_opt LPCTSTR lpParameters,
  __in_opt LPCTSTR lpDirectory,
  __in INT nShowCmd
);

A hastily-written program will do something like

   ShellExecute(0, NULL, https://example.com/whatever, NULL, NULL, NULL, NULL);. 

A key problem is that last parameter. nShowCmd is any of the show commands, and NULL/0 map to SW_HIDE.

Now, in practice this often didn't matter in the past because IE was usually invoked via DDE, and the SW_HIDE would be ignored. In the IE10 Developer Preview, IE switched over to using COM for invocation, and the SW_HIDE parameter would result in a hidden IE instance opening, just as the caller had requested... but not what the developer probably expected.

-Eric