March 30, 2004

Xerces.NET???

May be I missed something, but looks like Travis Bright is converting Apache Xerces XML parser to .NET. I wonder what for? Aha, he's PM for the Java Language Conversion Assistant (JLCA). That explains. Btw, one day I stumbled across CSS parsing in .NET. Java version of the product I've ...

Woohoo! (MSDN XML DevCenter)

Well, of course the breaking news today are all about recently launched MSDN XML Developer Center. Should admit I've been checking http://msdn.com/xml several times a day last weeks :) At last it's up and it looks just great! Somebody said it's like blessing for XML. Kinda true. Of course the ...

Mark's article "What's New in System.Xml for Visual Studio 2005 and the .NET Framework 2.0 Release" looks brilliant. It's a big one and I didn't read it yet, but it should be familiar to me as I just finished reading his "First Look at ADO.NET and System Xml v 2.0" book. So more comments to come. Btw, that book will be "book-of-the-month" in the recently launched .NET book club.

Addition from Dare - XSD Inference API will be promoted into core System.Xml. Nice. Here we can see how proved to be useful tool make it to the core API.

Additions from Mark:

Many methods and properties on the XmlReader, XmlWriter and XPathNavigator abstract classes now have default implementations added making it easier to implement your custom versions over datastores.
Wow! At last! That was my top feature request.
XPathNodeIterator implements the IEnumerable interface.
Really nice one. It makes XPathNodeIterator more consistent.

Well done, sincere congratulations to Dare and to all involved, let's make XML Dev Center rock!

PS. Small web design comment - the front page looks bad in mozilla.

Visual Studio.NET Wallpaper?

Apparently it's possible to set a background image in VisualStudio.NET text editor via undocumented API. Interesting exercise. [Via Mike Gunderloy] ...

RE: Do we need SAX for .NET? (or does Java ports to C# make sense?)

Daniel says he's disappointed in SAX.NET project I was writing about. Unlike lazy me, he downloaded it and inspected implementation. Well, I mostly agree with him. This piece of direct thoughtless porting of complex convolute Java API to .NET looks weird and kinda unnatural. "namespace System.Xml.Sax {" isn't what I ...

Binary evil strikes back - W3C launches XML Binary Characterization WG

W3C announced the creation of the XML Binary Characterization Working Group. Chartered for a year, the group will analyze and develop use cases and measurements for alternate encodings of XML. Its goal is to determine if serialized binary XML transmission and formats are feasible. The WG has been created as ...

EXSLT.NET and ASP.NET security woes

A long and convolute discussion about security problems of using EXSLT.NET in ASP.NET took place in EXSLT.NET message board. Here I'd like to formulate some short summary. ...

A guy said he's getting SecurityException whenever he tries to use EXSLT.NET in ASP.NET, while it works in command line with nxslt.exe. We use reflection in EXSLT.NET code (e.g. to return a nodeset from the extension functions using this recipe) and as Dare noted in his "EXSLT: Enhancing the Power of XSLT" article, that imposes Full Trust security requirements. That's why at first I decided that's EXSLT.NET fault and I should find out how to get rid of reflection in the code. That was too quick rush, happily then I realized many people including me do use EXSLT.NET in ASP.NET and it does work fine.

Subsequent investigation shed some light. Using reflection and even heavy sin of instantiating an internal class in XSLT extension object in fact doesn't require Full Trust, but only ReflectionPermission with appropiate flags. Moreover, that just doesn't matter, because using any extension object in XSLT requires real Full Trust due to improved Code Access Security in .NET 1.1. So no matter what we do in EXSLT.NET code, your code (including your XSLT stylesheet) must be fully trusted to be able to use any XSLT extensions. That undoubtedly makes sense otherwise another cool XSLT stylesheet could inspect your hard disk while styling an RSS feed.

The bottom line - to avoid SecurityException when using EXSLT.NET functions in ASP.NET load your XSLT stylesheet from fully trusted place, such as local file system (read more about Code Access Security). If you want to load a stylesheet from a remote web site, you need to make that site fully trusted using either caspol.exe utility or .NET Framework Configuration tool (Mscorcfg.msc).