Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

KBAlertz.com: Lists the issues that are fixed in Microsoft XML 3.0 Service Pack 5. This article also introduces two new properties, a new flag, and a new interface that are included in this service pack.

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]

Search KbAlertz

Advanced Search

Webmasters
Put kbAlertz on your website.
[ Click Here for more! ]





ASP.NET 3.5 Web Hosting with Windows 2008 and SQL 2008: Click Here!
Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
The ad says 3 - but KBAlertz referrals get
** SIX MONTHS FREE **

Bug Tracking Software
For bug tracking software or defect tracking software or issue tracking software, visit Axosoft.

Community Site


We Send hundreds of thousands of emails using ASP.NET Email


Expert Web Design & Graphic Design
Design44.com

ASP.NET 3.5 Web Hosting with Windows 2008 and SQL 2008: Click Here!
Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
The ad says 3 - but KBAlertz referrals get
** SIX MONTHS FREE **



Mentioned In







Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks



Article ID: 890077 - Last Review: November 16, 2007 - Revision: 2.3

List of bugs that are fixed in Microsoft XML 3.0 Service Pack 5

View products that this article applies to.

On This Page

INTRODUCTION

This article lists the significant changes in Microsoft XML Parser (MSXML) 3.0 Service Pack 5 (SP5). MSXML 3.0 SP5 is included with Microsoft Windows XP Service Pack 2. You can also download MSXML 3.0 SP5 from the Microsoft Download Center:

Collapse this imageExpand this image
Download
Download the MSXML 3.0 SP5 package now. (http://www.microsoft.com/downloads/details.aspx?FamilyID=4a3ad088-a893-4f0b-a932-5e024e74519f&DisplayLang=en)

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://kbalertz.com/Feedback.aspx?kbNumber=119591/ ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. 
Back to the top
MORE INFORMATION
Problems that are fixed in MXSML 3.0 SP5
The following lists the significant general problems that are
		  fixed in MSXML 3.0 SP5. 
		  
  •  Fixes for failures that may occur during low memory
				conditions.
  •  Fixes for memory leak issues. 
  •  Performance enhancements that are related to the internal
				treatment of spin locks and critical section caching. 
  • Fixes for problems that occur in high-stress
				situations.
  •  Fixes for problems that occur while an MSXML application
				is running under Application Verifier.
  •  Fixes for security issues. These issues include enhancing
				security for XMLHTTP host header spoofing and denial-of-service attacks for
				applications that except XML files that may contain many attributes.
The following lists specific problems that are fixed in this
		  service pack: 
Back to the top
  • Applications may stop responding when a document is saved
				to itself. For example, this problem occurs when you use the save method to
				save a file to itself as shown in the following code:
    xmldoc.save(xmldoc)
Back to the top
  •  A problem that occurs when a node from one Document Object
				Model (DOM) document is copied to another DOM document. For example, assume
				that you have node <NX> in a read-only DOM document and node <NY>
				in a read/write DOM document. This problem occurs if you clone the <NX>
				node, and you try to append the <NX> node to the <NY> node. This
				situation is shown in the following code: 
    NY.appendChild( NX.cloneNode(true))

Back to the top
  •  Cached XML files generate unnecessary HTTP GET requests
				for embedded XML/Extensible Stylesheet Language for Transformation (XSLT)
				files. For example, if you load an .xml file that contains an .xsl file that
				refers to another .xml file, the referenced files are refreshed even though the
				.xml file was cached.
Back to the top
  • The XMLHTTP object crashes when multiples of 4092 bytes of data are sent by
				using the send method.
Back to the top
  •  A memory leak and a security problem occur in XMLHTTP code
				if credentials are required when the send method is called.
Back to the top
  •  Included .xsl files are not downloaded. This problem
				occurs because MSXML 3.0 performs HTTP POST requests instead of GET requests
				for the included files.
Back to the top
  •  Redirects to relative pages return an "Unspecified Error"
				error message when the ServerXMLHTTP send method is called. 
Back to the top
  • XMLHTTP has problems when it translates responses that
				include multi-byte characters.
Back to the top
  •  The AllowDocumentFunction property returns the incorrect value. This property was added in
				MSXML 3.0 SP4. 
Back to the top
  •  The EBay Turbo Lister application crashes because of an
				Extensible Stylesheet Language (XSL) problem in MSXML 3.0 SP4. The problem
				occurs when many nodes are transformed under stress. 
Back to the top
New features that are included in MSXML 3.0 SP5
MSXML 3.0 SP5 includes some new properties, a new flag, and a new
		  interface to help prevent DOS attacks. You need the updated C++ header file
		  from the updated MSXML SDK to use the new flag and the new interface.
A Simple API for XML (SAX) parser property that is named "prohibit-dtd" is added
Property values for the prohibit-dtd property: 
		  
  • false (VARIANT_FALSE) = (default) Allow a document type
				definition (DTD) to be included in an XML document
  • true (VARIANT_TRUE) = Prohibit a DTD from being included in
				an XML document
 This feature lets users prohibit DTD use. Prohibiting DTD use
		  may help prevent DOS attacks in situations where many entity resolutions may
		  cause applications to stop responding. When a DTD is used, this feature can
		  prohibit DTDs. It can also prevent the send error "Invalid at the top level of
		  the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).
A DOM property that is named "ProhibitDTD" is added
The ProhibitDTD property does not allow DTDs to be included in XML documents. By
		  default, this property is set to FALSE. When the property is set to FALSE, DTDs
		  are allowed. When the property is set to TRUE, DTDs are not allowed. This
		  property is not copied when the DOM is cloned. 

This property let
		  users prohibit DTD use. Preventing DTD use may help prevent DOS attacks in
		  situations where many entity resolutions may cause applications to stop
		  responding. Setting this property prohibits DTD use. When a DTD is used, the
		  user receives the error "Invalid at the top level of the document"
		  (XML_E_INVALIDATROOTLEVEL, 0xE52D). 

Example
xmldoc.setProperty("ProhibitDTD", True); // Jscript
xmldoc.setProperty "ProhibitDTD", True   'VBScript
Note The ProhibitDTD property works even if data is loaded from another DOM document.
		  

Example
dom1.load("file with DTD");
dom2.setProperty("ProhibitDTD", true);
dom2.Load(dom1);   <--- This will Error
The IXMLParser::SetFlags method allows a new flag that is named XMLFLAG_PROHIBIT_DTD
This flag lets users prohibit DTD use. Prohibiting DTD use may
		  help prevent DOS attack in situations where many entity resolutions may cause
		  applications to stop responding. Setting this flag with the IXMLParser::SetFlags() method prohibits DTD use. When a DTD is used, the user receives
		  the error "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL,
		  0xE52D). 

A new interface that is named IXMLParser3 is added
The IXMLParser3 interface is added to set the max-attributes-per-element property to limit the number of attributes for each element.
interface IXMLParser3 : IXMLParser2
{
    HRESULT SetProperty(
        [in] const WCHAR* pwcName,
        [in] VARIANT value);
 
    HRESULT GetProperty(
        [in] const WCHAR* pwcName,
        [out,retval] VARIANT* value);
};

New property name

"max-attributes-per-element" 

Default Value

-1 ( no limit ) 

Usage
pParser->SetProperty(L"max-attributes-per-element" , value )
                                 /*value is VARIANT containing a LONG*/
Note This count does not include the default attributes that are
		  passed through DTDs or schemas.

For more information about this
		  interface, see the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/library/ms759165.aspx
            (http://msdn2.microsoft.com/en-us/library/ms759165.aspx)
        
Back to the top
APPLIES TO
  • Microsoft XML Parser 3.0
Back to the top
Keywords: 
                            
kbservicepack kbhowto kbxml kbinfo kbfix KB890077
Back to the top

					 
                    
                    
                         
                    
                    
				


				

	
					
					
						
Community Feedback System

						
Very often, it takes hours to solve a problem. Very often, you've looked high 
							and low, and have tried a lot of solutions. When you finally found it, chances 
							are, it was because someone else helped you. Here's your chance to give back. 
							Use our community feedback tool to let others know what worked for you and what 
							didn't.

						
Please also understand that the community feedback system is not warranted to be 
							correct, it's simply a system that we've built to let people try and help each 
							other. If something in a feedback response doesn't make sense to you, or you're 
							not comfortable making changes that the feedback talks about (like registry 
							edits), please consult a professional.

						
Thank you for using kbAlertz.com Feedback System.

						
-- Scott Cate

					
					


	

		

			
				Anonymous User
				
			
			
				Report As Irrelevant  
				
			
		

		

			Written:
				9/19/2008 5:27 AM
		

		

			
				 h
			
		

	



					

						





		(Optional) Name

	

(Optional) 
Public URL Or Email

	

Comments

	No 
HTML -- Text Only Please




 
	

				








 


				


			
 

       
        
	    






	
	
	




	
	
	

















	

		
	

	

		
		Copyright © 
			2002-2007 KBALERTZ.COM.  All Rights Reserved. 
				Terms / PrivacyDiscount ASP.NET Hosting