Export (0) Print
Expand All

XslTransform.Load Method (XmlReader, XmlResolver, Evidence)

Loads the XSLT style sheet contained in the XmlReader. This method allows you to limit the permissions of the style sheet by specifying evidence.

Namespace:  System.Xml.Xsl
Assembly:  System.Xml (in System.Xml.dll)

public void Load(
	XmlReader stylesheet,
	XmlResolver resolver,
	Evidence evidence
)

Parameters

stylesheet
Type: System.Xml.XmlReader

An XmlReader object containing the style sheet to load.

resolver
Type: System.Xml.XmlResolver

The XmlResolver used to load any style sheets referenced in xsl:import and xsl:include elements. If this is null, external resources are not resolved.

The XmlResolver is not cached after the Load method completes.

evidence
Type: System.Security.Policy.Evidence

The System.Security.Policy.Evidence set on the assembly generated for the script block in the XSLT style sheet.

If this is null, script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.

The caller must have ControlEvidence permission in order to supply evidence for the script assembly. Semi-trusted callers can set this parameter to null.

ExceptionCondition
XsltCompileException

The current node does not conform to a valid style sheet.

SecurityException

The referenced style sheet requires functionality that is not allowed by the evidence provided.

The caller tries to supply evidence and does not have ControlEvidence permission.

NoteNote

The XslTransform class is obsolete in the .NET Framework version 2.0. The XslCompiledTransform class is the new XSLT processor. For more information, see Using the XslCompiledTransform Class and Migrating From the XslTransform Class.

XslTransform supports the XSLT 1.0 syntax. The XSLT style sheet must include the namespace declaration xmlns:xsl= http://www.w3.org/1999/XSL/Transform.

This method loads the XSLT style sheet, including any style sheets referenced in xsl:include and xsl:import elements. The style sheet loads from the current node of the XmlReader through all its children. This enables you to use a portion of a document as the style sheet.

After the Load method returns, the XmlReader is positioned on the next node after the end of the style sheet. If the end of the document is reached, the XmlReader is positioned at the end of file (EOF).

If the style sheet contains entities, you should specify an XmlReader that can resolve entities (XmlReader.CanResolveEntity returns true). In this case, an XmlValidatingReader can be used.

For issues with the Load method and style sheets with embedded scripts, see article Q316755 in the Microsoft Knowledge Base at http://support.microsoft.com.

There are different ways to provide evidence. The following table describes what type of evidence to provide for common user scenarios.

Scenario

Type of evidence to provide

The XSLT style sheet is self-contained or comes from a code base that you trust.

Use the evidence from your assembly.

XsltTransform xslt = new XslTransform();
xslt.Load(xslReader, resolver, this.GetType().Assembly.Evidence);

The XSLT style sheet comes from an outside source. The origin of the source is known, and there is a verifiable URL.

Create evidence using the URL.

XsltTransform xslt = new XslTransform();
Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(stylesheetURL);
xslt.Load(xslReader,resolver,evidence);

The XSLT style sheet comes from an outside source. The origin of the source is not known.

Set evidence to null. Script blocks are not processed, the XSLT document() function is not supported, and privileged extension objects are disallowed.

Additionally, you can also set the resolver parameter to null. This ensures that xsl:import and xsl:include elements are not processed.

The XSLT style sheet comes from an outside source. The origin of the source is not known, but you require script support.

Request evidence from the caller. The API of the caller must provide a way to provide evidence, typically the Evidence class.

The following example performs an XSLT transformation where xsltReader is an XmlReader containing a style sheet and secureURL is a trusted URL that can be used to create Evidence. The XmlSecureResolver.CreateEvidenceForUrl method is used to create Evidence which is applied to the style sheet.


public static void TransformFile (XmlReader xsltReader, String secureURL) {

 // Load the stylesheet using a default XmlUrlResolver and Evidence  
 // created using the trusted URL.
 XslTransform xslt = new XslTransform();
 xslt.Load(xsltReader, new XmlUrlResolver(), XmlSecureResolver.CreateEvidenceForUrl(secureURL));

 // Transform the file.
 xslt.Transform("books.xml", "books.html", new XmlUrlResolver());
} 

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
Show:
© 2015 Microsoft