

The XSLT language has a rich set of features that give you a great deal of power and flexibility. It includes many features that, while useful, could also be exploited by outside sources. In order to use XSLT safely, you must understand the types of security issues that arise when using XSLT, and the basic strategies that you can employ to mitigate these risks.

Two popular XSLT extensions are style sheet scripting and extension objects. These extensions allow the XSLT processor to execute code. Extension objects add programming capabilities to XSL transformations. Scripts can be embedded in the style sheet using the msxsl:script extension element.

Extension objects are added using the AddExtensionObject method. The FullTrust permission set is required to support extension objects. This ensures that elevation of permissions does not happen when extension object code is executed. Attempting to call the AddExtensionObject method without FullTrust permissions results in a security exception being thrown.

Scripts can be embedded in a style sheet using the msxsl:script extension element. Script support is an optional feature on the XslCompiledTransform class that is disabled by default. Scripting can be enabled by setting the XsltSettings.EnableScript property to true and passing the XsltSettings object to the Load method.

Guidelines: Enable scripting only when the style sheet comes from a trusted source. If you cannot verify the source of the style sheet, or if the style sheet does not come from a trusted source, pass in null for the XSLT settings argument.

The XSLT language has features such as xsl:import, xsl:include, or the document() function, where the processor needs to resolve URI references. The XmlResolver class is used to resolve external resources. External resources may need to be resolved in the following two cases: When compiling a style sheet, the XmlResolver is used for xsl:import and xsl:include resolution. When executing the transformation, the XmlResolver is used to resolve the document() function. The document() function is disabled by default on the XslCompiledTransform class. This feature can be enabled by setting the XsltSettings.EnableDocumentFunction property to true and passing the XsltSettings object to the Load method.
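The settings described on this page, shown as an added C# example (not code from the original page): an untrusted style sheet is loaded with the default XsltSettings and a null XmlResolver, while a trusted one opts in to document() only. The Load helper, the trusted flag and the sample style sheet are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

static class XsltLoadDemo
{
    // Constructed style sheet: it tries to pull in a second document via document().
    const string Stylesheet = @"<xsl:stylesheet version='1.0'
        xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>
      <xsl:template match='/'>
        <out><xsl:copy-of select=""document('other.xml')""/></out>
      </xsl:template>
    </xsl:stylesheet>";

    static XslCompiledTransform Load(string xslt, bool trusted)
    {
        // Trusted: opt in to document() only, script stays off. Untrusted: defaults (both off).
        XsltSettings settings = trusted
            ? new XsltSettings(enableDocumentFunction: true, enableScript: false)
            : XsltSettings.Default;
        // Resolver for xsl:import / xsl:include; null means external references are not resolved.
        XmlResolver resolver = trusted ? new XmlUrlResolver() : null;

        using (var reader = XmlReader.Create(new StringReader(xslt)))
        {
            var transform = new XslCompiledTransform();
            transform.Load(reader, settings, resolver);
            return transform;
        }
    }

    static void Main()
    {
        var transform = Load(Stylesheet, trusted: false);
        using (var input = XmlReader.Create(new StringReader("<doc/>")))
        using (var output = XmlWriter.Create(Console.Out))
        {
            try
            {
                // Null documentResolver: nothing is fetched at run time either.
                transform.Transform(input, null, output, null);
            }
            catch (XsltException ex)
            {
                // document() is disabled for the untrusted load, so the call is rejected.
                Console.Error.WriteLine("Blocked: " + ex.Message);
            }
        }
    }
}
```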
