This should probably use `INTERFACE_USES_SECURITY_MANAGER` and propagate `QueryService(SID_SInternetHostSecurityManager)` when appropriate, likely based on `IObjectWithSite`. Otherwise, unsafe scripts could use this to bypass the security manager. For example, a webpage could create an XML document and then run XPath with a malicious script; if that script isn’t subject to the security manager, it could freely create objects like `Scripting.FileSystemObject`.
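
The decision this comment asks for, as a portable C model added here for illustration (not code from the project under review or from the reviewer): the engine consults a security manager only when the safety option is set, and the manager is reachable only if each site forwards the query outward. The structs, function names, the `Constructed.SafeObject` ProgID and the fail-closed choice are assumptions of this example; the flag value is the one defined in `activscp.h`.

```c
#include <stddef.h>
#include <string.h>

#define INTERFACE_USES_SECURITY_MANAGER 0x00000008 /* value from activscp.h */

/* Hypothetical stand-in for IInternetHostSecurityManager: 1 = allow. */
typedef int (*secmgr_fn)(const char *progid);

/* Hypothetical stand-in for a site that answers QueryService. */
struct site {
    struct site *outer;  /* site received via IObjectWithSite, or NULL */
    secmgr_fn secmgr;    /* set only on the outermost host (the browser) */
    int forwards;        /* does this site pass QueryService outward? */
};

/* Model of QueryService(SID_SInternetHostSecurityManager). */
static secmgr_fn query_secmgr(const struct site *s)
{
    for (; s; s = s->forwards ? s->outer : NULL)
        if (s->secmgr)
            return s->secmgr;
    return NULL;
}

/* Model of the engine deciding whether script may instantiate progid. */
int engine_may_create(unsigned opts, const struct site *site, const char *progid)
{
    secmgr_fn mgr;
    if (!(opts & INTERFACE_USES_SECURITY_MANAGER))
        return 1;   /* policy is never consulted: the bypass described above */
    mgr = query_secmgr(site);
    if (!mgr)
        return 0;   /* assumption: fail closed when no manager is reachable */
    return mgr(progid);
}

/* Constructed browser policy: refuse the object named in the comment. */
int browser_policy(const char *progid)
{
    return strcmp(progid, "Scripting.FileSystemObject") != 0;
}

/* Build browser -> XML document -> engine and ask to create progid. */
int scenario(unsigned opts, int doc_forwards, const char *progid)
{
    struct site browser = { NULL, browser_policy, 0 };
    struct site xmldoc = { &browser, NULL, doc_forwards };
    return engine_may_create(opts, &xmldoc, progid);
}
```

With the flag set but no forwarding, the model refuses every object, which is why both halves of the suggestion are needed together.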