INTRODUCTION
This article lists the significant changes in Microsoft XML
Parser (MSXML) 3.0 Service Pack 5 (SP5). MSXML 3.0 SP5 is included with Microsoft Windows XP Service Pack 2. You can also download MSXML 3.0 SP5 from the
Microsoft Download Center:
Download the MSXML 3.0 SP5 package now.
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
back to the topNew features that are included in MSXML 3.0 SP5
MSXML 3.0 SP5 includes some new properties, a new
flag, and a new interface to help prevent DOS
attacks. You need the updated C++ header file from the updated MSXML SDK
to use the new flag and the new interface.
A Simple API for XML (SAX) parser property that is named "prohibit-dtd" is added
Property values for the
prohibit-dtd property:
- false (VARIANT_FALSE) = (default) Allow a document type definition (DTD) to be included in
an XML document
- true (VARIANT_TRUE) = Prohibit a DTD from being included in an XML
document
This feature lets users prohibit DTD use. Prohibiting DTD use may help
prevent DOS attacks in situations where many entity resolutions
may cause applications to stop responding. When a DTD is used, this feature can prohibit DTDs. It can also prevent the send error "Invalid at the top level of the document"
(XML_E_INVALIDATROOTLEVEL, 0xE52D).
A DOM property that is named "ProhibitDTD" is added
The
ProhibitDTD property does not allow DTDs to be included in
XML documents. By default, this property is set to FALSE. When the property is set to FALSE,
DTDs are allowed. When the property is set to TRUE, DTDs are not allowed. This property is not
copied when the DOM is cloned.
This property let users prohibit DTD use. Preventing DTD use may help prevent DOS attacks in situations where many entity resolutions may cause applications to stop responding. Setting this
property prohibits DTD use. When a DTD is used, the user receives the error "Invalid at the top level of the
document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).
Examplexmldoc.setProperty("ProhibitDTD", True); // Jscript
xmldoc.setProperty "ProhibitDTD", True 'VBScript
Note The
ProhibitDTD property works even if data is loaded from another DOM
document.
Exampledom1.load("file with DTD");
dom2.setProperty("ProhibitDTD", true);
dom2.Load(dom1); <--- This will Error
The IXMLParser::SetFlags method allows a new flag that is named XMLFLAG_PROHIBIT_DTD
This flag lets users prohibit DTD use. Prohibiting DTD use may help prevent DOS attack in situations where many entity resolutions may cause applications to stop responding. Setting this flag with the
IXMLParser::SetFlags() method
prohibits DTD use. When a DTD is used, the user receives the error "Invalid at the top level of the document"
(XML_E_INVALIDATROOTLEVEL, 0xE52D).
A new interface that is named IXMLParser3 is added
The
IXMLParser3 interface is added to set the
max-attributes-per-element property to limit the number of attributes for each element.
interface IXMLParser3 : IXMLParser2
{
HRESULT SetProperty(
[in] const WCHAR* pwcName,
[in] VARIANT value);
HRESULT GetProperty(
[in] const WCHAR* pwcName,
[out,retval] VARIANT* value);
};
New property name"max-attributes-per-element"
Default Value-1 ( no limit )
UsagepParser->SetProperty(L"max-attributes-per-element" , value )
/*value is VARIANT containing a LONG*/
Note This count does not include the default attributes that are passed through
DTDs or schemas.
For more information about this interface, see the following Microsoft Developer Network (MSDN) Web site:
back to the top