Microsoft KB Archive/290908

= FIX: XML Improperly Loads Data Through an ASP Redirect Across Domains or Protocols =

Article ID: 290908

Article Last Modified on 10/16/2002


APPLIES TO


 * Microsoft XML Parser 2.0
 * Microsoft XML Parser 2.5
 * Microsoft XML Parser 2.6
 * Microsoft XML Core Services 4.0




This article was previously published under Q290908



SYMPTOMS
You can load an XML document through an Active Server Pages (ASP) page that redirects to a file on a different domain, or through a different protocol, from the original request. You expect the redirected load to be denied, but it succeeds.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This bug was corrected in Microsoft XML 3.0 Service Pack 1.

For additional information on other fixes included in Microsoft XML 3.0 Service Pack 1, click the article number below to view the article in the Microsoft Knowledge Base:

292935 INFO: List of Issues Fixed in Microsoft XML 3.0 Service Pack 1

For the latest information and downloads of MSXML, refer to the following MSDN Web site at:

http://msdn.microsoft.com/xml/default.asp



Steps to Reproduce Behavior
1. Create the testredirect HTML document.
   a. Create a new text document by using Microsoft Notepad or another text editor.
   b. Paste the following code into the new text document:

    <HTML>
    <HEAD><TITLE>Repro Code for Q290908</TITLE></HEAD>
    <BODY>
    There should be an error, but with versions of MSXML prior to MSXML 3, SP1, there is none.
    <SCRIPT FOR=window EVENT=onload>
      document.expando = false;
      Verify();

      function Verify() {
        var strResponse = "";
        var xmlDoc = new ActiveXObject("MSXML2.DOMDocument");
        xmlDoc.async = false;   // load synchronously so the result is available immediately

        try {
          // The request goes to http://localhost; redirect1.asp answers with a file:// redirect.
          var fileName = "http://localhost/redirect1.asp";
          xmlDoc.load(fileName);

          strResponse = "No error in loading:\n" + fileName;
          strResponse += "\n";
          strResponse += xmlDoc.xml;
        }
        catch(e) {
          // Expected path on a fixed parser: the cross-protocol redirect is refused.
          strResponse = "file : " + fileName + "\n";
          strResponse += "error# :\n";
          strResponse += e.number + "\n";
          strResponse += "description :\n*";
          strResponse += e.description + "*";
        }
        alert(strResponse);
      }
    </SCRIPT>
    </BODY>
    </HTML>

   c. Save the text file as C:\InetPub\wwwroot\testredirect.html.

2. Create the redirect1 ASP page, which redirects to the third page (redirect2.asp) by using the file:// protocol.
   a. Create a new text document by using Microsoft Notepad or another text editor.
   b. Paste the following code into the new text document:

    <%@ Language=VBScript %>
    <%
    Response.Redirect "file://c|\inetpub\wwwroot\redirect2.asp"
    %>

   c. Save the text file as C:\InetPub\wwwroot\redirect1.asp

3. Create the redirect2 ASP page.
   a. Create a new text document by using Microsoft Notepad or another text editor.
   b. Paste the following code into the new text document:

    <%@ Language=VBScript %>
    <%
    Response.ContentType = "text/xml"
    Response.Write " This is a test "
    %>

   c. Save the text file as C:\InetPub\wwwroot\redirect2.asp

4. Browse to testredirect.html from a computer on which MSXML 3.0 Service Pack 1 has not been installed, and note that the code does not produce an Access Denied error as it should, but improperly loads the data.
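The rule this article expects (deny a load whose redirect leaves the domain or protocol of the original request) can be written as a check over the redirect chain. The following is an added example, not Microsoft's code or the MSXML implementation; the function names, the port comparison and all sample URLs other than the two taken from the repro are assumptions.

```javascript
'use strict';
// Added example; helper names are hypothetical. Runs under Node.js (global URL).

const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Reduce a parsed URL to the scheme/host/port triple that identifies its origin.
function originOf(url) {
  return [url.protocol, url.hostname.toLowerCase(),
          url.port || DEFAULT_PORT[url.protocol] || ''];
}

// Walk the Location values of a redirect chain and refuse the first hop that
// leaves the protocol or domain of the ORIGINAL request, as the article expects.
function checkRedirectChain(requestUrl, locations) {
  let current;
  try {
    current = new URL(requestUrl);
  } catch (e) {
    return { allowed: false, reason: 'unparseable request URL', deniedAt: requestUrl };
  }
  const [scheme, host, port] = originOf(current);
  for (const location of locations) {
    let next;
    try {
      next = new URL(location, current); // relative Location resolves against the current hop
    } catch (e) {
      return { allowed: false, reason: 'unparseable Location', deniedAt: location };
    }
    const [s, h, p] = originOf(next);
    if (s !== scheme) {
      return { allowed: false, reason: 'protocol change', deniedAt: location };
    }
    if (h !== host || p !== port) {
      return { allowed: false, reason: 'domain change', deniedAt: location };
    }
    current = next;
  }
  return { allowed: true, reason: 'same origin', finalUrl: current.href };
}

// Constructed inputs: the first is the redirect from the repro above.
const samples = [
  ['file://c|\\inetpub\\wwwroot\\redirect2.asp'],
  ['/redirect2.asp'],
  ['http://localhost:80/a.asp', 'http://example.test/data.xml'],
];
for (const chain of samples) {
  console.log(chain.join(' -> '), checkRedirectChain('http://localhost/redirect1.asp', chain));
}
```

A client that follows redirects automatically must apply this check before fetching each hop, not after the final document has been retrieved.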

Keywords: kbbug kbfix kbmsxml300sp1fix kbmsxmlnosweep KB290908


© Microsoft Corporation. All rights reserved.