Welcome  |  Sign in
Skip Navigation Links
.NET Framework Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
.NET Development
Previous Versions
.NET Framework 2.0
System.Xml.Xsl
This page is specific to
Microsoft Visual Studio 2005/.NET Framework 2.0

Other versions are also available for the following:
.NET Framework Class Library
XslCompiledTransform Class

Note: This class is new in the .NET Framework version 2.0.

Transforms XML data using an XSLT style sheet.

Namespace: System.Xml.Xsl
Assembly: System.Xml (in system.xml.dll)

Visual Basic (Declaration)
Public NotInheritable Class XslCompiledTransform
Visual Basic (Usage)
Dim instance As XslCompiledTransform
C#
public sealed class XslCompiledTransform
C++
public ref class XslCompiledTransform sealed
J#
public final class XslCompiledTransform
JScript
public final class XslCompiledTransform

The XslCompiledTransform class is an XSLT processor that supports the XSLT 1.0 syntax. It is a new implementation and includes performance gains when compared to the obsolete XslTransform class. The structure of the XslCompiledTransform class is very similar to the XslTransform class. The Load method loads and compiles the style sheet, while the Transform method executes the XSLT transform.

Support for the XSLT document() function and embedded script blocks are disabled by default. These features can be enabled by creating an XsltSettings object and passing it to the Load method.

For more information, see Using the XslCompiledTransform Class and Migrating From the XslTransform Class.

Security Considerations

When creating an application that uses the XslCompiledTransform class, you should be aware of the following items and their implications:

  • XSLT scripting is disabled by default. XSLT scripting should be enabled only if you require script support and you are working in a fully trusted environment.

  • The XSLT document() function is disabled by default. If you enable the document() function, restrict the resources that can be accessed by passing an XmlSecureResolver object to the Transform method.

  • Extension objects are enabled by default. If an XsltArgumentList object containing extension objects is passed to the Transform method, they are utilized.

  • XSLT style sheets can include references to other files and embedded script blocks. A malicious user can exploit this by supplying you with data or style sheets that when executed can cause your system to process until the computer runs low on resources.

  • XSLT applications that run in a mixed trust environment can result in style sheet spoofing. For example, a malicious user can load an object with a harmful style sheet and hand it off to another user who subsequently calls the Transform method and executes the transformation.

These security issues can be mitigated by not enabling scripting or the document() function unless the style sheet comes from a trusted source, and by not accepting XslCompiledTransform objects, XSLT style sheets, or XML source data from an untrusted source.

The following example executes a transform and outputs to a file.

Visual Basic
' Load the style sheet.
Dim xslt As New XslCompiledTransform()
xslt.Load("output.xsl")
        
' Execute the transform and output the results to a file.
xslt.Transform("books.xml", "books.html")
C#
// Load the style sheet.
XslCompiledTransform xslt = new XslCompiledTransform();
xslt.Load("output.xsl");

// Execute the transform and output the results to a file.
xslt.Transform("books.xml", "books.html");
System.Object
  System.Xml.Xsl.XslCompiledTransform

The XslCompiledTransform object is thread safe once it has been loaded. In other words, after the Load method has successfully completed, the Transform method can be called simultaneously from multiple threads.

If the Load method is called again in one thread while the Transform method is being called in another thread, the XslCompiledTransform object finishes executing the Transform call by continuing to use the old state. The new state is used when the Load method successfully completes.

NoteNote

The Load method is not thread safe when called simultaneously from multiple threads.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
More info on XslCompiledTransform class      Oleg Tkachenko   |   Edit   |  
For more info on XslCompiledTransform class take a look at the "Introducing XslCompiledTransform" article published at the Microsoft XML Team blog site - http://blogs.msdn.com/xmlteam/articles/Introducing_XslCompiledTransform.aspx.
Tags What's this?: Add a tag
Flag as ContentBug
Resolving of external URIs was prohibited      lllllll   |   Edit   |  
System.Xml.XmlException: Resolving of external URIs was prohibited.

An unhandled exception was generated during the execution...

For several days I've been trying to resolve the above error.

This documentation claims that the above error can be mitigated by using XmlResolver, XmlSecureResolver, XmlUrlResolver or some combination of the three. Note that I have been able to reproduce this error with a single xsl:import element (no document() functions involved, so XmlSecureResolver is NOT an issue nor needed, as far as I can tell).

xsl:import or xsl:include functions

The following code produces the above error:
Dim xsl_src As String = Server.MapPath("stylesheets\\main.xsl")
Dim xml_src As String = Server.MapPath("data\\mydata.xsl")
Dim xslt As New XslCompiledTransform
Dim xslt_settings As New XsltSettings
Dim resolver As New XmlUrlResolver

xslt.Load(xsl_src, xslt_settings, resolver)
According to all the articles I've been able to find on this topic and according to what I've been able to glean from the MS documentation, this should work, but it doesn't and I can't offer a solution because I find the documentation to be too vague. Sorry. Good luck.

Here are some links you might find useful:

http://www.topxml.com/rbnews/.NET%20XML,%20System.XML/re-6959_Security-changes-in--NET-2-0-s--XSLT.aspx
http://www.vbfrance.com/codes/DOTNET-TRANSFORMATION-XSLT-FICHIER-XML-VB-NET_37120.aspx
http://sqljunkies.com/WebLog/mrys/articles/11321.aspx
http://www.thescripts.com/forum/thread172393.html

Correction: this code DOES work. In my case there were some leftover <asp:... elements in the document I was working on that was causing this error.
Tags What's this?: Add a tag
Flag as ContentBug
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker