Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 262236 - Last Review: October 15, 2002 - Revision: 1.3
FIX: XSL Script Can Modify DOM in Internet Explorer
This article was previously published under Q262236
The MSXML 2.0 parser allows an XSL script block to modify the contents of the Document Object Model (DOM) when loaded in Microsoft Internet Explorer. This should not be allowed and is not possible from another container, such as Microsoft Windows Scripting Host or Microsoft Visual Basic.
Version 2.5 (5.0.2920.0) of the MSXML parser corrects this problem.
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.
This problem was corrected in MSXML version 2.5.
To download the latest version of MSXML, go to:
http://msdn.microsoft.com/xml/default.asp.
(http://msdn.microsoft.com/xml/default.asp)
Steps to Reproduce Behavior
- Insert the following code into a new text document and save the document as repro.xml:
<?xml version="1.0" ?>
<?xml:stylesheet type="text/xsl" href="repro.xsl"?>
<doc>
<original/>
<invokechange/>
</doc>
- Insert the following code into a new text document and save the file as repro.xsl in the same location as the previous document:
<xsl:stylesheet language="JScript" xmlns:xsl="http://www.w3.org/TR/WD-xsl">
<xsl:template match="http://support.microsoft.com">
<B>Behavior Repro Code for Microsoft Knowledge Base Article Q262236</B>
<BR/><BR/>
<xsl:apply-templates select="http://support.microsoft.com//invokechange" />
<xsl:apply-templates select="http://support.microsoft.com//original" />
<xsl:apply-templates select="http://support.microsoft.com//changed" />
</xsl:template>
<xsl:template match="invokechange">
Delete original and add changed to DOM =
<xsl:eval>ChangeDOM(this);</xsl:eval>
<xsl:apply-templates />
<BR/>
</xsl:template>
<xsl:template match="original">
Original value =
<xsl:value-of />
<xsl:apply-templates />
<BR/>
</xsl:template>
<xsl:template match="changed">
Changed value =
<xsl:value-of />
<xsl:apply-templates />
<BR/>
</xsl:template>
<xsl:script language="JScript">
function ChangeDOM(oNode)
{
oParent=oNode.parentNode
oFirstChild=oParent.childNodes[0];
oParent.removeChild(oFirstChild);
oDoc=oNode.ownerDocument
oChanged=oDoc.createElement("changed");
oChanged.text="I was added";
oParent.insertBefore(oChanged,oNode);
return "Success"
}
</xsl:script>
</xsl:stylesheet>
- Load the repro.xml file into a Microsoft Internet Explorer Web browser on a computer with MSXML 2.0 installed. The output shows that the "original" node was removed and a new node named changed was added. The XML DOM should not be altered from an XSL script.
| kbbug kbfix kbmsxml250fix kbmsxmlnosweep KB262236 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate