Microsoft KB Archive/262236

= FIX: XSL Script Can Modify DOM in Internet Explorer =

Article ID: 262236

Article Last Modified on 10/15/2002

-

APPLIES TO


 * Microsoft XML Parser 2.0

-



This article was previously published under Q262236



SYMPTOMS
The MSXML 2.0 parser allows an XSL script block to modify the contents of the Document Object Model (DOM) when loaded in Microsoft Internet Explorer. This should not be allowed and is not possible from another container, such as Microsoft Windows Scripting Host or Microsoft Visual Basic.



RESOLUTION
Version 2.5 (5.0.2920.0) of the MSXML parser corrects this problem.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This problem was corrected in MSXML version 2.5.

To download the latest version of MSXML, go to: http://msdn.microsoft.com/xml/default.asp.



Steps to Reproduce Behavior
  Insert the following code into a new text document and save the document as repro.xml:     Insert the following code into a new text document and save the file as repro.xsl in the same location as the previous document:   Behavior Repro Code for Microsoft Knowledge Base Article Q262236  <xsl:apply-templates select=&quot;//invokechange&quot; /> <xsl:apply-templates select=&quot;//original&quot; /> <xsl:apply-templates select=&quot;//changed&quot; /> </xsl:template> <xsl:template match=&quot;invokechange&quot;> Delete original and add changed to DOM = <xsl:eval>ChangeDOM(this);</xsl:eval> <xsl:apply-templates />  </xsl:template> <xsl:template match=&quot;original&quot;> Original value = <xsl:value-of /> <xsl:apply-templates />  </xsl:template> <xsl:template match=&quot;changed&quot;> Changed value = <xsl:value-of /> <xsl:apply-templates />  </xsl:template> <xsl:script language=&quot;JScript&quot;> function ChangeDOM(oNode) {       oParent=oNode.parentNode oFirstChild=oParent.childNodes[0]; oParent.removeChild(oFirstChild); oDoc=oNode.ownerDocument oChanged=oDoc.createElement(&quot;changed&quot;); oChanged.text=&quot;I was added&quot;; oParent.insertBefore(oChanged,oNode); return &quot;Success&quot; } </xsl:script> </xsl:stylesheet> </li> Load the repro.xml file into a Microsoft Internet Explorer Web browser on a computer with MSXML 2.0 installed. The output shows that the &quot;original&quot; node was removed and a new node named changed was added. The XML DOM should not be altered from an XSL script.</li></ol>

Keywords: kbbug kbfix kbmsxml250fix kbmsxmlnosweep KB262236

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.