In V5.3 it is possible to completely disable security for all descendants of WebControl (including XslFile). Simply set the property ‘DisableSecurity’ to ‘true’ on the control.
For XSLT files, we have created two new XSL controls that can be used to enable and disable security for specific sections in an XSLT file.
An example is provided below:
<xsl:template match="*" mode="main">
<h2>Security enabled</h2>
<sc:enableSecurity>
<xsl:for-each select="item">
Child <xsl:value-of select="position()"/><br/>
<sc:text field="@name"/><br/>
<br/>
</xsl:for-each>
</sc:enableSecurity>
<h2>Security disabled</h2>
<sc:disableSecurity>
<xsl:for-each select="item">
Child <xsl:value-of select="position()"/><br/>
<sc:text field="@name"/><br/>
<br/>
</xsl:for-each>
</sc:disableSecurity>
</xsl:template>
The <sc:enableSecurity> surrounds its containing statements with a
Context.Security.EnterState(SecurityState.Enabled) and a Context.Security.ExitState().
The <sc:disableSecurity> surrounds its containing statements with a
Context.Security.EnterState(SecurityState.Disabled) and a Context.Security.ExitState().
After preprocessing, the code will look like this:
<xsl:template match="*" mode="main">
<h2>Security enabled</h2>
<xsl:if test="true()">
<xsl:value-of select="sc:EnterSecurityState(true())" />
<xsl:for-each select="item">
Child <xsl:value-of select="position()" /><br />
<xsl:value-of select="sc:fld(‘@name’, .)" disable-output-escaping="yes" />=
<xsl:value-of select="sc:fld(‘title’, .)" disable-output-escaping="yes" /><br /><br /></xsl:for-each>
<xsl:value-of select="sc:ExitSecurityState()" />
</xsl:if>
<h2>Security disabled</h2>
<xsl:if test="true()">
<xsl:value-of select="sc:EnterSecurityState(false())" />
<xsl:for-each select="item">
Child <xsl:value-of select="position()" /><br />
<xsl:value-of select="sc:fld(‘@name’, .)" disable-output-escaping="yes" />=
<xsl:value-of select="sc:fld(‘title’, .)" disable-output-escaping="yes" /><br /><br /></xsl:for-each>
<xsl:value-of select="sc:ExitSecurityState()" />
</xsl:if>
</xsl:template>
