ActiveQt doesn't support sandboxing

Windows have since Vista supported a mandatory access control scheme referred to as Windows Integrity Mechanism, which can be used for application sandboxing. The CLSCTX_ENABLE_CLOAKING flag introduced in QTBUG-70744 can be combined with the instructions on https://msdn.microsoft.com/en-us/library/bb625960.aspx to instantiate ActiveX controls built as EXE in a limited privilege "low integrity" process. However, this doesn't work yet due to window parenting issues.

More specifically, the CreateWindow call in ActiveQt-based controls fail with ERROR_ACCESS_DENIED, since it doesn't have permission to assign the container window as parent. According to https://groups.google.com/forum/#!topic/microsoft.public.win32.programmer.kernel/h7tsbl_OdR4 this is a known issue that is worked around by setting the parent window in the "high integrity" container process.

Google Chrome already does this, and the implementation is found in https://github.com/chromium-googlesource-mirror/chromium/blob/master/src/content/browser/plugin_process_host.cc#L58