Sandcastle BuildAssembler - Please enable xsl scripts...

Hi Team,

I have a customised version of main_sandcastle.xsl in which I have implemented a couple of scripts which I need to perform some tricky stuff.

I get the following error from BuildAssembler when the scripts are required:
Error: TransformComponent: A error ocurred while executing the transform '', on line 0, at position 0. The error message was: Execution of scripts was prohibited. Use the XsltSettings.EnableScript property to enable it. An error occurred at C:\Program Files\Sandcastle\Presentation\vs2005\Transforms\main_sandcastle.xsl(288,27).

I assume that within the BuildAssembler somewhere you are using the Load method of the XslCompiledTransform class. By default this disables scripts. Scripts can be enabled by passing an XsltSettings object with EnableScript set to true. (Note that the object returned by the static XsltSettings.TrustedXslt property could be used).

See the following documentation from MS:
http://msdn2.microsoft.com/en-us/library/system.xml.xsl.xslcompiledtransform.load.aspx
http://msdn2.microsoft.com/en-us/library/system.xml.xsl.xsltsettings.aspx
http://msdn2.microsoft.com/en-us/library/system.xml.xsl.xsltsettings.trustedxslt.aspx

Could this be included for the Feb CTP release? I think it should be an easy modification and would be a useful feature.

David

[2148 byte] By [Bucket] at [2007-12-30]
# 1

David,

Let me take a look at this and yes we can make the necessary changes. I will get back with details.

Anand..

AnandRaman-MSFT at 2007-9-5 > top of Msdn Tech,Visual Studio,Developer Documentation and Help System...
# 2

David,

I have logged an issue for this item. It's unlikely we can get this in the Feb CTP release. I would like to understand the security implications before providing this feature.

Anand..

AnandRaman-MSFT at 2007-9-5
# 3

Anand,

I don't see how this modification presents any security risk.

The security feature which must be bypassed is intended to stop attacks made by embedding malicious scripts in a remote xsl file.

The files used by sandcastle are all local (or on a local network) and completely under the control of the local system. There can be no security risk from enabling scripts in the xsl files used. For a security risk to be present the BuildAssembler would have to access xsl files which can be replaced or modified by an outside entity. Such modification is already protected (if not then the system can not be secure at all).

The mod is trivial... and not a risk as far as I can tell. However, I am by no means an expert in this area. If anyone can see a real risk, please describe how.

David

Bucket at 2007-9-5
# 4

Thanks David. It's just a standard procedure from our end and let me see if we can get this into this CTP. We have a few more fixes scheduled this week.

Anand..

AnandRaman-MSFT at 2007-9-5
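
The XsltSettings behaviour discussed in this thread, as an added example that is not code from any of the posters or from Sandcastle: it loads a constructed stylesheet containing an msxsl:script block first with the default settings and then with script support switched on but document() left off, which is narrower than XsltSettings.TrustedXslt. It assumes .NET Framework, where XSLT script blocks are supported; the class name, the `demo` prefix and the sample stylesheet are made up for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

static class ScriptedTransformDemo
{
    // Constructed sample stylesheet with an msxsl:script block (not from Sandcastle).
    const string Stylesheet = @"<xsl:stylesheet version='1.0'
  xmlns:xsl='http://www.w3.org/1999/XSL/Transform'
  xmlns:msxsl='urn:schemas-microsoft-com:xslt'
  xmlns:demo='urn:demo-scripts'>
  <msxsl:script language='C#' implements-prefix='demo'>
    public string Upper(string s) { return s.ToUpperInvariant(); }
  </msxsl:script>
  <xsl:output method='text'/>
  <xsl:template match='/'><xsl:value-of select='demo:Upper(string(/topic))'/></xsl:template>
</xsl:stylesheet>";

    static string Run(XsltSettings settings)
    {
        var xslt = new XslCompiledTransform();
        using (var sheet = XmlReader.Create(new StringReader(Stylesheet)))
            // Null resolver: xsl:import/xsl:include cannot pull in further stylesheets.
            xslt.Load(sheet, settings, null);
        using (var input = XmlReader.Create(new StringReader("<topic>hello</topic>")))
        using (var output = new StringWriter())
        {
            xslt.Transform(input, null, output);
            return output.ToString();
        }
    }

    static void Main()
    {
        try { Run(XsltSettings.Default); }            // scripts and document() both off
        catch (XsltException e) { Console.WriteLine("Default settings: " + e.Message); }

        // Script blocks on, document() still off; XsltSettings.TrustedXslt enables both.
        var scriptOnly = new XsltSettings(false, true);
        Console.WriteLine("Script-only settings: " + Run(scriptOnly));
    }
}
```

Script blocks run with the full rights of the process that loads the stylesheet, so the setting is best enabled only for stylesheets whose location is write-protected from untrusted users.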
