Upgrading to MSXML 6.0
Contents
3. Security Migration – Understanding Off-By-Default 3
5. Obsolete features/Classes. 8
Abstract
Microsoft Core XML Services (MSXML) 6.0 is the current version of the core XML stack in the COM / Scripting environment. This document covers installation of MSXML6 and application upgrade, supported operating systems and changes from MSXML 3 and MSXML 4.
The key changes in MSXML 6.0 that are covered in this document are as follows:
- MSXML 6.0 introduced a number of security changes to turn security sensitive features “off-by-default”.
- MSXML 6.0 has improved support for the W3C XSD 1.0 Specification and has also increased compatibility with System.Xml in the .Net Framework 2.0
- MSXML 6.0 has deprecated several legacy features from MSXML 3.0 & MSXML 4.0
- MSXML 6.0 no longer supports deployment by MSM or CAB. Only MSI installation is supported downlevel from Vista. MSXML6 is part of the Vista operating system. We are working on offering MSXML 6.0 SP1 as a recommended update on Windows Update and may switch to Critical Update if there is strong feedback on the cab scenario usage. Web application developers need to advise their customer to get MSXML 6.0 SP1
Please see the sections below on details on these changes.
MSDN documentation on these changes in MSXML 6.0 at https://msdn2.microsoft.com/en-us/library/ms753751.aspx
Installation & Upgrade
Installation Summary : MSXML6 is included in Vista by default and is available for download for supported downlevel platforms fromhttps://www.microsoft.com/downloads/details.aspx?FamilyID=d21c292c-368b-4ce1-9dab-3e9827b70604&displaylang=en
Installation Location: Successful installation will result in the addition of
%SYSDIR%\msxml6.dll
%SYSDIR%\msxml6r.dll
Version : 6.10.1129.0
Upgrade: In order to upgrade an application to use MSXML 6.0, all the references to MSXML objects must be modified to use the MSXML 6.0 version dependent ProgIDs. For example: MSXML2.DOMDocument.6.0
Supported Operating Systems
MSXML 6.0 supports the following operating systems:
- Windows 2000
- Windows XP
- Windows 2003
- Windows Vista
Support will follow the support policy for Windows service packs listed at https://support.microsoft.com/default.aspx?pr=lifesupsps#Windows Because MSXML 6.0 releases out of band from down-level operating systems, only the most recent (n) and n-1 service packs of MSXML are supported on the supported operating systems.
Security Migration – Understanding Off-By-Default
In MSXML 6.0 several security sensitive properties have been configured to be off by default. When upgrading these properties may need to be re-enabled, however be aware that these properties are important in securing the DOM and SAX Reader when parsing data from untrusted or unauthenticated clients. The security risks should be carefully considered when enabling these properties in an unauthenticated channel.
MSDN documentation on this subject at https://msdn2.microsoft.com/en-us/library/ms754611.aspx
DOMDocument60 Property Settings
The following are second level properties for DOMDocument60. The syntax for setting second level properties: xmldoc.setProperty "propertyname", Boolean
Note: The property name is a case sensitive.
1. ResolveExternals - Sets the master control for all externally resolvable resources including:
- All external definitions
- resolvable namespaces
- document type definition (DTD) external subsets
- external entity references
- xsd:include, xsd:import, xsd:redefine
- xsl:include, xsl:import
- xsi:schemaLocation
Default: ResolveExternals is set to false by default in 6.0
Notes: If the Xml file has a reference to an external DTD or entity references, it would fail to load the DTD and as result the xml document will not be validated.
If XSD schemas include or import other schemas, they will not be resolved as well and may lead to XSD compilation and validation errors.
Example: Xmldoc.setProperty “ResolveExternals”, true
2. ProhibitDTD - Prohibits inclusion of DTDs in XML documents. When this property is set to true instance documents containing DTDs cannot be parsed. When set to FALSE, DTDs are allowed. Setting this property will prohibit DTDs and send error "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D) whenever DTD is used.
Default: ProhibitDTD is set to TRUE by default (DTDs are not allowed)
Notes: This property was added in MSXML6 and MSXML3 SP5 – it does not exist in MSXML4 SP2
Example: xmldoc.SetProperty "ProhibitDTD", True
3. MaxElementDepth – Specifies the maximum element depth for any document, schema, or XSLT file when it is loaded into the DOM. It does set any limitations on overall file size, or the size of the content of any given particle (attribute, element, comment, etc.). Any document that has a subtree which exceeds the MaxElementDepth will cause an error.
Default: 256
Notes: This is a new property in MSXML 6.0 SP1, and MSXML3 SP8 (Vista) – it does not exist in MSXML4 SP2
Example: xmldoc.SetProperty "MaxElementDepth", 100
4. UseInlineSchema – Specifies whether inline XSD schemas in an instance document should be used to validate the document (true) or not (false). When this property is set to false, inline schemas are treated like any other XML fragments.
Default: UseInlineSchema is set to false by default.
Notes: This setting does not affect whether validation occurs or not at parse time. Even when this property is set to false the instance document can still be validated at parse time
Example: Xmldoc.setProperty “UseInlineSchema”, true
5. AllowDocumentFunction - enables (true) or disables (false) the document() function in XSLT. Attempts to call the document() when the property is disabled will result in an "Access Denied" error.
Default: AllowDocumentFunction is set to false by default.
Notes: This property is supported in MSXML 3.0 SP4, MSXML 4.0 SP2, and later.
Example: xsltdoc.setProperty “AllowDocumentFunction”,true
6. AllowXsltScript – enables (true) or disables (false) the ability to embed script in XSLT files. When set to false AllowXsltScript will prohibit all script blocks in an XSLT stylesheet. It will error when an XSLT DOM object containing script is used in transformNode() or transformNodeToObject(), or when the XSLT DOM is set as the stylesheet property on the IXSLTemplate.
Default: AllowXsltScript is set to false by default
Notes: When XSLT is hosted inside IE the URL of the hosting page is used to determine the script execution permissions based on the intersection of the zone the hosting page belongs to and the user’s IE security policy for that zone even when AllowXsltScript is set to true. When AllowXsltScript is set to false in IE all scripts are blocked regardless of the user’s security policy for that zone.
AllowXsltScript property applies to all included/imported XSLT.
AllowXsltScript is a new property in MSXML 6.0
Example: xsltdoc.SetProperty "AllowXsltScript”, True
SAXXMLReader60 Property Settings
Similar to the DOMDocument, the parsing behavior for the SAX reader has also been configured to be off by default to provide secure parsing services out of the box. The concepts are largely the same but SAX does not support XSLT and the property names differ in some cases.
1. prohibit-dtd – Similar to the DOM property it prohibits inclusion of DTDs in XML documents. When this property is set to true instance documents containing DTDs cannot be parsed. When set to FALSE, DTDs are allowed.
Default: This property is set to true by default
Notes: This property is new in MSXML 6.0
2. max-element-depth – Similar to the DOM property it specifies the maximum element depth for any document parsed by the SAX reader. It does set any limitations on overall file size, or the size of the content of any given particle (attribute, element, comment, etc.). Any document that has a subtree which exceeds the MaxElementDepth will cause an error
Default: The property is set to 256 by default.
Notes: This property is new in MSXML 6.0
3. use-inline-schema – Similar to the DOM property it specifies whether inline XSD schemas in an instance document should be used to validate the document (true) or not (false). When this property is set to false, inline schemas are treated like any other XML fragments.
Default: This property is set to false by default.
Notes: This setting does not affect whether validation occurs or not at parse time. Even when this property is set to false the instance document can still be validated at parse time
4. use-schema-location – Unlike the DOM which uses ResolveExternals to control all externals, the SAX reader allows more granular control of external entities, DTDs, and XSD schemas. This property controls whether or not to resolve XSD schemas referenced in the XML document using the xsi:schemaLocation attribute. When set to true the xsi:schemLocation value will attempt to be resolved and used for validation. When set to false the xsi:schemaLocation attribute will be ignored.
Default: This property is set to false by default.
Notes: Setting this property to false protects the parser from potential security exposure from loading schemas referenced by untrusted data but may lead to unexpected validation behavior if the application relies on the instance document to provide an appropriate schema
There is no change in the behavior for other externals (entities, external DTDs) in MSXML 6.0
Improving W3C XSD 1.0 Conformance & Compatibility with System.Xml 2.0: Changes to the XmlSchemaCache:
In order to improve conformance to the W3C standard and compatibility with other schema implementations MSXML 6.0 introduces a number of changes to the XSD schema compilation and validation model in the XmlSchemaCache. These changes apply regardless of whether documents are being validated through the DOMDocument or the SAXXMLReader.
XmlSchemaCache is used by the schemas and namespaces properties of the IXMLDOMDocument2 interface as well as being supported as one of the properties in ISAXXMLReader.putProperty.
The IXMLDOMSchemaCollection/XMLSchemaCache object is free-threaded and can be used in multiple documents at the same time. The XML Schema document that is sent to the schema collection is cloned, and the XML Schema document remains writable. Any changes that occur in the XML Schema file after it is stored in the schema cache are not reflected in its cloned image. A single schema cache can be added to multiple schema collections, due to the creation of the cloned image.
MSDN documentation on this subject at https://msdn2.microsoft.com/en-us/library/ms764692.aspx
Changes in XmlSchemaCache
1. XmlSchemaCache Add() method:
-
- Will union the declarations in the same namespace even when loaded from multiple locations on successive calls to the Add() method.
- Will cause all the schemas imported by the added schema to also be added into the cache as “top-level” types
- Schema imports are considered “lax”
- Any namespace/type already added to the SchemaCache can be referenced by another schema in the cache even if there is no explicit import in the referencing schema
§ User needs to validate on add set to false in order to avoid issues around order of calls to Add
o The Add operation is atomic. All the schemas must be added successfully to the cache or else none are. This includes both syntactic and semantic violations in the provided schema such as conflicting items in the resulting set resulting from importing a version of a schema from different loc and/or redefining some items already in the cache.
2. MSXML 6.0 has removed support for XDR schemas. The following error occurs when tried to load an XDR schema:
-2147467259:productsxdr.xml#/Schema : Incorrect definition for the root element in schema.
3. XmlSchemaCache get() method: In previous versions, this method returns the DOMDocument for a given namespace. In MSXML 6.0 this method is not implemented.
4. XmlSchemaCache remove() method: In previous versions, this method removes the specified namespace from a collection. In MSXML 6.0 this method is not implemented.
5. XmlSchemaCache addCollection() method: Behaves similar to Add() method. This method is atomic – either all schemas are added or none are.
6. maxOccurs and minOccurs: MSXML 6.0 does not support minOccurs or maxOccurs values greater than 2^32. Values larger than that are automatically truncated to 2^32. To support content models that allow more than 2^32 elements for a given declaration use the “unbounded” keyword.
7. The implementation is compatible with the System.Xml schemas. Which implies the schema that compile in SOM also compile in System.Xml.
8. The XmlSchemaCache can be populated using the urlpath or DOMDocument. When using urlpath to populate the XmlSchemaCache the default DOMDocument is created. For the default DOMDocument, some properties (ResolveExternals, useInlineSchema, etc) are disabled. This may cause problems if the schema contains external references(xs:include, xs:import). The included/imported schemas will not be resolved.
In cases where the schema has external references, use DOMDocument to load the XmlSchemaCache. For each include/import schema, a DOMDocument is created in memory. If a DOMDocument is used to load the XmlSchemaCache, then the DOMDocuments created will inherit the DOMDocument. Therefore the external references can be resolved.
Obsolete features/Classes
1. XDR Schemas can no longer be used with MSXML 6.0. To convert XDR schemas to XSD format, XSD.EXE can be used. XSD.exe is installed with Visual studio .NET 1.0 and 1.1.
2. DSO document(MSXML2.DSOControl.6.0) is not available with MSXML 6.0. This feature is not used by many customers.
Example: When tried to create MSXML2.DSOControl.6.0 object, the following error occurs:
429:ActiveX component can't create object