FIX: XSL Script Can Modify DOM in Internet Explorer (262236)



The information in this article applies to:

  • Microsoft XML 2.0

This article was previously published under Q262236

SYMPTOMS

The MSXML 2.0 parser allows an XSL script block to modify the contents of the Document Object Model (DOM) when loaded in Microsoft Internet Explorer. This should not be allowed and is not possible from another container, such as Microsoft Windows Scripting Host or Microsoft Visual Basic.

RESOLUTION

Version 2.5 (5.0.2920.0) of the MSXML parser corrects this problem.

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This problem was corrected in MSXML version 2.5.

To download the latest version of MSXML, go to: http://msdn.microsoft.com/xml/default.asp.

MORE INFORMATION

Steps to Reproduce Behavior

  1. Insert the following code into a new text document and save the document as repro.xml:
    <?xml version="1.0" ?>
    <?xml:stylesheet type="text/xsl" href="repro.xsl"?>
    <doc>
    	<original/>
    	<invokechange/>
    </doc>
    					
  2. Insert the following code into a new text document and save the file as repro.xsl in the same location as the previous document:
    <xsl:stylesheet language="JScript" xmlns:xsl="http://www.w3.org/TR/WD-xsl">
      <xsl:template match="/">
    	<B>Behavior Repro Code for Microsoft Knowledge Base Article Q262236</B>
    	<BR/><BR/>
    	<xsl:apply-templates select="//invokechange" />
    	<xsl:apply-templates select="//original" />
    	<xsl:apply-templates select="//changed" />
      </xsl:template>
      
      <xsl:template match="invokechange">
    	Delete original and add changed to DOM =
    	<xsl:eval>ChangeDOM(this);</xsl:eval>
    	<xsl:apply-templates />
    	<BR/>
      </xsl:template>
      
      <xsl:template match="original">
    	Original value =
    	<xsl:value-of />
    	<xsl:apply-templates />
    	<BR/>
      </xsl:template>
      
      <xsl:template match="changed">
    	Changed value = 
    	<xsl:value-of />
    	<xsl:apply-templates />
    	<BR/>
      </xsl:template>
        
      <xsl:script language="JScript">
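    	// Called from xsl:eval with the <invokechange> node as oNode.
    	function ChangeDOM(oNode)
    	{
    		var oParent = oNode.parentNode;
    		// Remove the first child of <doc>, which is the <original> node.
    		var oFirstChild = oParent.childNodes[0];
    		oParent.removeChild(oFirstChild);
    		// Create a <changed> node and insert it before <invokechange>.
    		var oDoc = oNode.ownerDocument;
    		var oChanged = oDoc.createElement("changed");
    		oChanged.text = "I was added";
    		oParent.insertBefore(oChanged, oNode);
    		return "Success";
    	}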
      </xsl:script>
    </xsl:stylesheet>
    					
  3. Load the repro.xml file into a Microsoft Internet Explorer Web browser on a computer with MSXML 2.0 installed. The output shows that the "original" node was removed and a new node named "changed" was added. The XML DOM should not be altered from an XSL script.
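
A static check a defender could run over stylesheets served to clients that may still have MSXML 2.0: it flags each xsl:eval that mutates the DOM directly or calls an xsl:script function that does. This is an added example, not code from the original article; the function names, the list of mutating members and the function-boundary heuristic are assumptions, and the sample is a trimmed copy of repro.xsl.

```python
import re
import xml.etree.ElementTree as ET

WD_XSL = "{http://www.w3.org/TR/WD-xsl}"  # namespace declared by repro.xsl
# Members that change the tree (assumed, non-exhaustive list).
MUTATION = re.compile(r"\.(removeChild|insertBefore|appendChild|replaceChild)\s*\("
                      r"|\.(text|nodeValue)\s*=(?!=)")
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(")

def mutations(code):
    """Sorted names of the DOM-mutating members used in a piece of script."""
    return sorted({call or prop for call, prop in MUTATION.findall(code)})

def mutating_functions(script):
    """Map function name -> mutating members (heuristic: body ends at next 'function')."""
    decls = list(FUNC.finditer(script))
    bounds = [d.start() for d in decls[1:]] + [len(script)]
    found = {d.group(1): mutations(script[d.end():end]) for d, end in zip(decls, bounds)}
    return {name: hits for name, hits in found.items() if hits}

def audit_stylesheet(xsl_text):
    """List (eval expression, function or None, members) for each mutating xsl:eval."""
    root, funcs, findings = ET.fromstring(xsl_text), {}, []
    for script in root.iter(WD_XSL + "script"):
        funcs.update(mutating_functions(script.text or ""))
    for ev in root.iter(WD_XSL + "eval"):
        expr = (ev.text or "").strip()
        if mutations(expr):  # mutation written directly in the expression
            findings.append((expr, None, mutations(expr)))
        for name, hits in funcs.items():  # mutation via a script function
            if re.search(r"\b" + re.escape(name) + r"\s*\(", expr):
                findings.append((expr, name, hits))
    return findings

# Constructed sample: a trimmed copy of repro.xsl from step 2.
SAMPLE = """<xsl:stylesheet language="JScript" xmlns:xsl="http://www.w3.org/TR/WD-xsl">
  <xsl:template match="invokechange"><xsl:eval>ChangeDOM(this);</xsl:eval></xsl:template>
  <xsl:script language="JScript">
    function ChangeDOM(oNode) {
      oParent=oNode.parentNode; oParent.removeChild(oParent.childNodes[0]);
      oChanged=oNode.ownerDocument.createElement("changed");
      oChanged.text="I was added";
      oParent.insertBefore(oChanged,oNode); return "Success"; }
  </xsl:script>
</xsl:stylesheet>"""

if __name__ == "__main__":
    print(audit_stylesheet(SAMPLE))
```
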

Modification Type: Major
Last Reviewed: 10/15/2002
Keywords:kbBug kbDSupport kbMSXML250fix kbMSXMLnosweep KB262236