Microsoft Knowledge Base Article
The contents of this article are Microsoft copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Article ID: 290908 - Last Review: October 16, 2002 - Revision: 1.4
FIX: XML Improperly Loads Data Through an ASP Redirect Across Domains or Protocols
This article was previously published under Q290908
You are able to load an XML document by using an Active Server Pages (ASP) page that redirects output from a file on a different domain or through a different protocol from the original request, but you expect the attempt to redirect to be denied.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
This bug was corrected in Microsoft XML 3.0 Service Pack 1.
For additional information on other fixes included in Microsoft XML 3.0 Service Pack 1, click the article number below to view the article in the Microsoft Knowledge Base:
292935 (http://kbalertz.com/Feedback.aspx?kbNumber=292935/EN-US/) INFO: List of Issues Fixed in Microsoft XML 3.0 Service Pack 1
For the latest information and downloads of MSXML, refer to the following MSDN Web site at:
Steps to Reproduce Behavior
- Create the testredirect HTML document.
  - Create a new text document by using Microsoft Notepad or another text editor.
  - Paste the following code into the new text document:

    <HTML>
    <HEAD>
    <TITLE>Repro Code for Q290908</TITLE>
    </HEAD>
    <BODY>
    There should be an error, but with versions of MSXML prior to MSXML 3, SP1, there is none.
    <SCRIPT FOR=window EVENT=onload>
    document.expando = false;
    Verify();
    function Verify()
    {
        var strResponse = "";
        var xmlDoc = new ActiveXObject("MSXML2.DOMDocument");
        xmlDoc.async = false;
        try
        {
            var fileName = "http://localhost/redirect1.asp";
            xmlDoc.load(fileName);
            strResponse = "No error in loading:\n" + fileName;
            strResponse += "\n";
            strResponse += xmlDoc.xml;
        }
        catch(e)
        {
            strResponse = "file : " + fileName + "\n";
            strResponse += "error# :\n";
            strResponse += e.number + "\n";
            strResponse += "description :\n*";
            strResponse += e.description + "*";
        }
        alert(strResponse);
    }
    </SCRIPT>
    </BODY>
    </HTML>

  - Save the text file as C:\InetPub\wwwroot\testredirect.html.
- Create the redirect1 ASP page, which will redirect to the third ASP page, using the file:// protocol.
  - Create a new text document by using Microsoft Notepad or another text editor.
  - Paste the following code into the new text document:

    <%@ Language=VBScript %>
    <%
    Response.Redirect "file://c|\inetpub\wwwroot\redirect2.asp"
    %>

  - Save the text file as C:\InetPub\wwwroot\redirect1.asp
- Create the redirect2 ASP page.
  - Create a new text document by using Microsoft Notepad or another text editor.
  - Paste the following code into the new text document:

    <%@ Language=VBScript %>
    <%
    Response.ContentType = "text/xml"
    Response.Write "<test>This is a test</test>"
    %>

  - Save the text file as C:\InetPub\wwwroot\redirect2.asp
- Browse to the test.html from a computer on which MSXML 3.0 Service Pack 1 has not been installed, and note that the code does not produce an Access Denied error as it should, but improperly loads the data.
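
The kind of check the article expects the loader to make, written as an added example (it is not Microsoft's code and not part of the original article): each redirect hop is compared against the protocol, host and port of the original request, and the load is refused at the first mismatch. The function names and the sample redirect chain are assumptions made for illustration.

```javascript
// Added illustration, not MSXML code; names and sample data are constructed.
// Default ports so that http://host and http://host:80 compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Reduce a URL to the (scheme, host, port) triple that identifies its origin.
function originTuple(urlString, base) {
  const u = new URL(urlString, base);            // throws on unparseable input
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
    href: u.href,
  };
}

// Walk a redirect chain (the Location value of each redirect response, in order)
// and refuse the load as soon as a hop leaves the origin of the first request.
function checkRedirectChain(requestUrl, locations) {
  const start = originTuple(requestUrl);
  let current = start.href;
  for (const [i, location] of locations.entries()) {
    let next;
    try {
      next = originTuple(location, current);     // relative Locations resolve against the previous hop
    } catch (e) {
      return { allowed: false, hop: i + 1, reason: 'unparseable Location' };
    }
    if (next.scheme !== start.scheme) {
      return { allowed: false, hop: i + 1, reason: 'protocol changed: ' + start.scheme + ' -> ' + next.scheme };
    }
    if (next.host !== start.host || next.port !== start.port) {
      return { allowed: false, hop: i + 1, reason: 'domain changed: ' + start.host + ' -> ' + next.host };
    }
    current = next.href;
  }
  return { allowed: true, hop: locations.length, reason: 'same origin throughout' };
}

// Constructed sample: the redirect issued by redirect1.asp in the steps above.
const kbCase = checkRedirectChain('http://localhost/redirect1.asp',
  ['file://c|\\inetpub\\wwwroot\\redirect2.asp']);
console.log(kbCase);
```

A load that passes this check stays on the origin the caller asked for; the redirect1.asp case fails at the first hop, which corresponds to the Access Denied result the article says should occur.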
APPLIES TO
- Microsoft XML Parser 2.0
- Microsoft XML Parser 2.5
- Microsoft XML Parser 2.6
- Microsoft XML Parser 3.0
Keywords: kbbug kbfix kbmsxml300sp1fix kbmsxmlnosweep KB290908