    December 05

    XSLT security

    In V5.3 it is possible to completely disable security for all descendants of WebControl (including XslFile). Simply set the property 'DisableSecurity' to 'true' on the control.

    For XSLT files, we have created two new XSL controls that can be used to enable and disable security for specific sections in an XSLT file.

    An example is provided below:

    <xsl:template match="*" mode="main">
      <h2>Security enabled</h2>
      <sc:enableSecurity>
        <xsl:for-each select="item">
          Child <xsl:value-of select="position()"/><br/>
          <sc:text field="@name"/><br/>
          <br/>
        </xsl:for-each>
      </sc:enableSecurity>

      <h2>Security disabled</h2>
      <sc:disableSecurity>
        <xsl:for-each select="item">
          Child <xsl:value-of select="position()"/><br/>
          <sc:text field="@name"/><br/>
          <br/>
        </xsl:for-each>
      </sc:disableSecurity>
    </xsl:template>


    The <sc:enableSecurity> control surrounds the statements it contains with a
    Context.Security.EnterState(SecurityState.Enabled) call and a Context.Security.ExitState() call.

    The <sc:disableSecurity> control surrounds the statements it contains with a
    Context.Security.EnterState(SecurityState.Disabled) call and a Context.Security.ExitState() call.

    After preprocessing, the code will look like this:

      <xsl:template match="*" mode="main">
        <h2>Security enabled</h2>
        <xsl:if test="true()">
          <xsl:value-of select="sc:EnterSecurityState(true())" />
          <xsl:for-each select="item">
            Child <xsl:value-of select="position()" /><br />
            <xsl:value-of select="sc:fld('@name', .)" disable-output-escaping="yes" />=
            <xsl:value-of select="sc:fld('title', .)" disable-output-escaping="yes" /><br /><br />
          </xsl:for-each>
          <xsl:value-of select="sc:ExitSecurityState()" />
        </xsl:if>
        <h2>Security disabled</h2>
        <xsl:if test="true()">
          <xsl:value-of select="sc:EnterSecurityState(false())" />
          <xsl:for-each select="item">
            Child <xsl:value-of select="position()" /><br />
            <xsl:value-of select="sc:fld('@name', .)" disable-output-escaping="yes" />=
            <xsl:value-of select="sc:fld('title', .)" disable-output-escaping="yes" /><br /><br />
          </xsl:for-each>
          <xsl:value-of select="sc:ExitSecurityState()" />
        </xsl:if>
      </xsl:template>
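
Because <sc:disableSecurity> switches off item security for everything inside it, it helps to know exactly which field reads in a rendering run unsecured. The following audit helper is an added example, not Sitecore code: it walks an XSLT file and lists every element with a `field` attribute that sits inside a disabled region. It assumes nested blocks resolve innermost-first, as the EnterState/ExitState pairing suggests; the sample stylesheet and its `sc` namespace URI are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the sc namespace URI is a placeholder assumption.
SAMPLE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:sc="urn:example:sc-placeholder">
  <xsl:template match="*" mode="main">
    <sc:enableSecurity>
      <xsl:for-each select="item"><sc:text field="@name"/></xsl:for-each>
    </sc:enableSecurity>
    <sc:disableSecurity>
      <xsl:for-each select="item">
        <sc:text field="title"/>
        <sc:enableSecurity><sc:text field="summary"/></sc:enableSecurity>
      </xsl:for-each>
    </sc:disableSecurity>
  </xsl:template>
</xsl:stylesheet>"""

# Local names of the two switch controls and the state each one enters.
SWITCHES = {"enableSecurity": True, "disableSecurity": False}


def local_name(tag):
    """Strip the '{namespace}' part ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def unsecured_reads(xslt_text):
    """Return (path, field) for each field read inside a disabled region.

    Outside any switch the state is inherited from the request (None)
    and is not reported; only explicit disabled regions are flagged.
    """
    findings = []

    def walk(node, state, path):
        name = local_name(node.tag)
        here = f"{path}/{name}"
        if name in SWITCHES:
            state = SWITCHES[name]      # mirrors EnterState for this subtree
        elif state is False and "field" in node.attrib:
            findings.append((here, node.get("field")))
        for child in node:
            walk(child, state, here)    # returning mirrors ExitState

    walk(ET.fromstring(xslt_text), None, "")
    return findings
```

Run over a folder of renderings, the output is a review list: each entry is a field that will be shown to visitors regardless of their access rights on the item.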
