Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Conformance and Security Changes in MSXML 4.0 SP2
Article ID: 820882 - View products that this article applies to.
Important This document describes the changes that have been made in MSXML 4.0 Service Pack 2 (SP2) that break with compatibility to earlier versions of MSXML 4.0. While the list has been reviewed for technical accuracy by the Microsoft XML team, do not interpret this list as a complete or final list of changes. Potentially, additional breaking changes might exist in some usage cases. If you suspect that you have experienced a breaking change in MSXML 4.0 that is not documented in this article, contact Microsoft Product Support Services (PSS) to report the breaking change, and to receive additional technical support.
The following changes have been made in MSXML 4.0 SP2:
XSD Validation Enforces Restriction That Is Defined on a Base SimpleTypeIn the original released version of MSXML 4.0 and in MSXML 4.0 Service Pack 1 (SP1), the XML schema validator does not enforce restrictions that are defined on base simpleTypes. Validating the data in the following sample XML document (Restriction.xml) against the sample schema (Restriction.xsd) does not raise any errors in the original released versions of MSMXL 4.0 and MSXML 4.0 SP1 even though the value of the AlphaTestValue element contains a character (the "-" character) that is restricted by the AlphaType base simpleType:
In MSXML 4.0 SP2, a fix has been implemented to enforce restrictions that are defined on base simpleTypes when validating XML data. This is a breaking change that has been implemented to enhance compliancy with the World Wide Web Consortium (W3C) XML Schema specification. XML data that violates restrictions that are defined on base simpleTypes fail validation in MSXML 4.0 SP2.
DOM: SetAttribute() Raises an Error When the Attribute Value Contains Invalid XML CharactersThe IXMLDOMElement.setAttribute() method has been fixed to generate an error when a specified attribute value contains invalid XML characters.
The following are the valid XML characters and character ranges (hexadecimal values) that are defined by the W3C XML language specifications 1.0:
#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] |[#x10000-#x10FFFF]This is a breaking change that has been implemented to enhance compliancy with the W3C XML specification. You receive a runtime error message after you upgrade to MSXML 4.0 SP2 if you have code that uses the setAttribute DOM API method to assign values that contain invalid XML characters to XML attributes. To resolve this, you must change your code so that you do not use invalid XML characters in attribute values.
Importing Schemas Are Imported in Included SchemasIn MSXML 4.0 SP2, you must explicitly import schemas that are imported in included schemas so that the including parent schema can use or can reference schema definitions that they contain. For example, this is true if the following dependencies between three separate XML schemas are in effect:
The error occurs in MSXML 4.0 SP2 because Schema A does not explicitly import Schema C. Schema A should contain an explicit import element to explicitly import Schema C by specifying the corresponding namespace and schemaLocation attributes. It is not sufficient to only specify the namespace attribute. You must also specify the schemaLocation attribute of Schema C.
'<Namespace URI>' is an invalid targetNamespace URI.
This change was made in MSXML 4.0 SP2 to gain more compliancy with the W3C XML Schema specification.
<all> Is Not Permitted in an Extension When the Base Type Is Not EmptyMSXML 4.0 SP2 prevents the use of the <all> particle in a complex type extension when the base type is not empty. When you try to use the XSD <all> particle in this context, you receive the following error message when the schema is compiled:
The following is a sample schema that illustrates an invalid use of the <all> particle in a complex type extension:
<all> is not the only particle in a <group> or being used as an extension
The W3C XML Schema specification does not permit the use of the XSD all element when extending a non-empty base complexType. In this specific sample, you can use an XSD schema sequence element (<xs:sequence>) instead of using the all element (<xs:all>) to define the complex content extension. For more information about what is permitted in complexType extension rules, see the XML Schema specification.
XSD Uniqueness Identity Constraint Is Checked When Xsi:type Is Used to Change the Type of an ElementThe original release of MSXML 4.0 and MSXML 4.0 SP1 contained a bug where uniqueness identity constraints on elements were not validated when the types of the elements were changed by using the XML schema instance xsi:type attribute. This has been fixed in MSXML 4.0 SP2 so that a validation error message is generated.
For example, when you try to validate the following Products.xml document against the Products.xsd schema, you receive a validation error message that indicates that there is a duplicate Product ID in the data:
Security Is Tightened When You Post Data by Using the ServerXmlHttp ObjectSecurity in the implementation of the MSXML 4.0 SP2 ServerXmlHttp object has been enhanced to check the Internet Explorer security policy setting for submitting non-encrypted form data. When you set the Submit nonencrypted form data security policy to Disable or to Prompt, the following error message may be generated when you try to execute an HTTP POST by using the ServerXmlHttp object:
This is a change that can potentially break existing code that uses earlier versions of the ServerXmlHttp object (MSXML 3.0 and its current service packs, the original release of MSXML 4.0, and MSXML 4.0 SP1) to execute an HTTP POST when the Internet Explorer security policy setting for submitting non-encrypted form data is not enabled.
To configure Internet Explorer security to allow the submitting of nonencrypted form data for all users on a computer, do the following in Microsoft Windows 2000 and later:
This is caused by an additional security feature that is named “Enhanced Internet Explorer Settings”. On some computers, this is installed by default. On other computers, you can add it through Windows Components by using the Add/Remove Programs tool in Control Panel.
If an additional security lock down on the account that runs the IIS6 process is in effect, use one of the following methods to work around the problem:
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/818081/EN-US/ )INFO: List of Issues Fixed in MSXML 4.0 Ss (Part 1 of 4)
(http://support.microsoft.com/kb/818083/ )INFO: List of Issues Fixed in MSXML 4.0 SP2 (Part 2 of 4)
(http://support.microsoft.com/kb/818084/ )INFO: List of Issues Fixed in MSXML 4.0 SP2 (Part 3 of 4)
(http://support.microsoft.com/kb/818085/ )INFO: List of Issues Fixed in MSXML 4.0 SP2 (Part 4 of 4)