XslTransform.Load Method (IXPathNavigable, XmlResolver, Evidence)

 

Loads the XSLT style sheet contained in the IXPathNavigable. This method allows you to limit the permissions of the style sheet by specifying evidence.

Namespace:   System.Xml.Xsl
Assembly:  System.Xml (in System.Xml.dll)

public void Load(
	IXPathNavigable stylesheet,
	XmlResolver resolver,
	Evidence evidence
)

Parameters

stylesheet
Type: System.Xml.XPath.IXPathNavigable

An object implementing the IXPathNavigable interface. In the .NET Framework, this can be either an XmlNode (typically an XmlDocument), or an XPathDocument containing the XSLT style sheet.

resolver
Type: System.Xml.XmlResolver

The XmlResolver used to load any style sheets referenced in xsl:import and xsl:include elements. If this is null, external resources are not resolved.

The XmlResolver is not cached after the Load method completes.

evidence
Type: System.Security.Policy.Evidence

The System.Security.Policy.Evidence set on the assembly generated for the script block in the XSLT style sheet.

If this is null, script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.

The caller must have ControlEvidence permission in order to supply evidence for the script assembly. Semi-trusted callers can set this parameter to null.

Exception Condition
XsltCompileException

The loaded resource is not a valid style sheet.

SecurityException

The referenced style sheet requires functionality that is not allowed by the evidence provided.

The caller tries to supply evidence and does not have ControlEvidence permission.

System_CAPS_noteNote

The XslTransform class is obsolete in the .NET Framework version 2.0. The XslCompiledTransform class is the new XSLT processor. For more information, see Using the XslCompiledTransform Class and Migrating From the XslTransform Class.

XslTransform supports the XSLT 1.0 syntax. The XSLT style sheet must include the namespace declaration xmlns:xsl= http://www.w3.org/1999/XSL/Transform.

For issues with the Load method and style sheets with embedded scripts, see article Q316755 in the Microsoft Knowledge Base at http://support.microsoft.com.

There are different ways to provide evidence. The following table describes what type of evidence to provide for common user scenarios.

Scenario

Type of evidence to provide

The XSLT style sheet is self-contained or comes from a code base that you trust.

Use the evidence from your assembly.

XsltTransform xslt = new XslTransform();
xslt.Load(style sheet, resolver, this.GetType().Assembly.Evidence);

The XSLT style sheet comes from an outside source. The origin of the source is known, and there is a verifiable URL.

Create evidence using the URL.

XsltTransform xslt = new XslTransform();
Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(style sheetURL);
xslt.Load(style sheet,resolver,evidence);

The XSLT style sheet comes from an outside source. The origin of the source is not known.

Set evidence to null. Script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.

Additionally, you can also set the resolver parameter to null. This ensures that xsl:import and xsl:include elements are not processed.

The XSLT style sheet comes from an outside source. The origin of the source is not known, but you require script support.

Request evidence from the caller. The API of the caller must provide a way to provide evidence, typically the Evidence class.

SecurityPermission

for providing evidence. Associated enumeration: SecurityPermissionFlag.ControlEvidence

.NET Framework
Available since 1.1
Return to top
Show: