XslTransform.Load Method (XPathNavigator, XmlResolver, Evidence)
Loads the XSLT style sheet contained in the XPathNavigator. This method allows you to limit the permissions of the style sheet by specifying evidence.
Assembly: System.Xml (in System.Xml.dll)
public void Load( XPathNavigator stylesheet, XmlResolver resolver, Evidence evidence )
- Type: System.Xml.XPath.XPathNavigator
An XPathNavigator object containing the style sheet to load.
- Type: System.Xml.XmlResolver
The XmlResolver used to load any style sheets referenced in xsl:import and xsl:include elements. If this is null, external resources are not resolved.
- Type: System.Security.Policy.Evidence
The System.Security.Policy.Evidence set on the assembly generated for the script block in the XSLT style sheet.
If this is null, script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.
The caller must have ControlEvidence permission in order to supply evidence for the script assembly. Semi-trusted callers can set this parameter to null.
The XslTransform class is obsolete in the .NET Framework version 2.0. The XslCompiledTransform class is the new XSLT processor. For more information, see Using the XslCompiledTransform Class and Migrating From the XslTransform Class.
XslTransform supports the XSLT 1.0 syntax. The XSLT style sheet must include the namespace declaration xmlns:xsl= http://www.w3.org/1999/XSL/Transform.
The style sheet is loaded from the current position of the XPathNavigator. To use a portion of the loaded document as the style sheet, navigate to the node corresponding to the beginning of the style sheet. After the Load method returns, the XPathNavigator is positioned at the beginning of the style sheet (on the xsl:style sheet node).
For issues with the Load method and style sheets with embedded scripts, see article Q316755 in the Microsoft Knowledge Base at http://support.microsoft.com.
There are different ways to provide evidence. The following table describes what type of evidence to provide for common user scenarios.
Type of evidence to provide
The XSLT style sheet is self-contained or comes from a code base that you trust.
Use the evidence from your assembly.
XsltTransform xslt = new XslTransform(); xslt.Load(xslNav, resolver, this.GetType().Assembly.Evidence);
The XSLT style sheet comes from an outside source. The origin of the source is known, and there is a verifiable URL.
Create evidence using the URL.
XsltTransform xslt = new XslTransform(); Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(style sheetURL); xslt.Load(xslNav,resolver,evidence);
The XSLT style sheet comes from an outside source. The origin of the source is not known.
Set evidence to null. Script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.
Additionally, you can also set the resolver parameter to null. This ensures that xsl:import and xsl:include elements are not processed.
The XSLT style sheet comes from an outside source. The origin of the source is not known, but you require script support.
Request evidence from the caller. The API of the caller must provide a way to provide evidence, typically the Evidence class.
The following example performs an XSLT transformation using a style sheet from an outside source. Because the style sheet comes from an untrusted source, the resolver and evidence parameters are set to null.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.