- Fixes for failures that may occur during low memory conditions.
- Fixes for memory leak issues.
- Performance enhancements that are related to the internal treatment of spin locks and critical section caching.
- Fixes for problems that occur in high-stress situations.
- Fixes for problems that occur while an MSXML application is running under Application Verifier.
- Fixes for security issues. These issues include enhancing security for XMLHTTP host header spoofing and denial-of-service attacks for applications that except XML files that may contain many attributes.
- Applications may stop responding when a document is saved to itself. For example, this problem occurs when you use the save method to save a file to itself as shown in the following code:
- A problem that occurs when a node from one Document Object Model (DOM) document is copied to another DOM document. For example, assume that you have node <NX> in a read-only DOM document and node <NY> in a read/write DOM document. This problem occurs if you clone the <NX> node, and you try to append the <NX> node to the <NY> node. This situation is shown in the following code:
- Cached XML files generate unnecessary HTTP GET requests for embedded XML/Extensible Stylesheet Language for Transformation (XSLT) files. For example, if you load an .xml file that contains an .xsl file that refers to another .xml file, the referenced files are refreshed even though the .xml file was cached.
- The XMLHTTP object crashes when multiples of 4092 bytes of data are sent by using the send method.
- A memory leak and a security problem occur in XMLHTTP code if credentials are required when the send method is called.
- Included .xsl files are not downloaded. This problem occurs because MSXML 3.0 performs HTTP POST requests instead of GET requests for the included files.
- Redirects to relative pages return an "Unspecified Error" error message when the ServerXMLHTTP send method is called.
- XMLHTTP has problems when it translates responses that include multi-byte characters.
- The AllowDocumentFunction property returns the incorrect value. This property was added in MSXML 3.0 SP4.
A Simple API for XML (SAX) parser property that is named "prohibit-dtd" is addedProperty values for the prohibit-dtd property:
- false (VARIANT_FALSE) = (default) Allow a document type definition (DTD) to be included in an XML document
- true (VARIANT_TRUE) = Prohibit a DTD from being included in an XML document
A DOM property that is named "ProhibitDTD" is addedThe ProhibitDTD property does not allow DTDs to be included in XML documents. By default, this property is set to FALSE. When the property is set to FALSE, DTDs are allowed. When the property is set to TRUE, DTDs are not allowed. This property is not copied when the DOM is cloned.
This property let users prohibit DTD use. Preventing DTD use may help prevent DOS attacks in situations where many entity resolutions may cause applications to stop responding. Setting this property prohibits DTD use. When a DTD is used, the user receives the error "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).
xmldoc.setProperty("ProhibitDTD", True); // Jscript
xmldoc.setProperty "ProhibitDTD", True 'VBScript
dom1.load("file with DTD");
dom2.Load(dom1); <--- This will Error
The IXMLParser::SetFlags method allows a new flag that is named XMLFLAG_PROHIBIT_DTDThis flag lets users prohibit DTD use. Prohibiting DTD use may help prevent DOS attack in situations where many entity resolutions may cause applications to stop responding. Setting this flag with the IXMLParser::SetFlags() method prohibits DTD use. When a DTD is used, the user receives the error "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).
A new interface that is named IXMLParser3 is addedThe IXMLParser3 interface is added to set the max-attributes-per-element property to limit the number of attributes for each element.
interface IXMLParser3 : IXMLParser2
[in] const WCHAR* pwcName,
[in] VARIANT value);
[in] const WCHAR* pwcName,
[out,retval] VARIANT* value);
-1 ( no limit )
pParser->SetProperty(L"max-attributes-per-element" , value )
/*value is VARIANT containing a LONG*/
For more information about this interface, see the following Microsoft Developer Network (MSDN) Web site:back to the top
Article ID: 890077 - Last Review: 5 Feb 2013 - Revision: 1