26 Nov 2025, 10:54 a.m.
This should probably use `INTERFACE_USES_SECURITY_MANAGER` and propagate `QueryService(SID_SInternetHostSecurityManager)` when appropriate, likely based on `IObjectWithSite`. Otherwise, unsafe scripts could use this to bypass the security manager. For example, a webpage could create an XML document and then run xpath with a malicious script; if that script isn’t subject to the security manager, it could freely create objects like `Scripting.FileSystemObject`. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/9600#note_123808