On Wed Nov 26 11:39:39 2025 +0000, Jacek Caban wrote:
Not not exactly like that, but we do have various implementations of separate bits. domdoc already supports `IObjectSafety`, so it could simply propagate those flags to the script engine during initialization. For the script site, it would need to implement `IServiceProvider` and likely just forward queries to the site set via `IObjectWithSite`. Since script engines are pluggable, it should be possible to write a test using a custom script engine to see how MSXML interacts with it. We have some tests like that, but I'm not sure how practical that is here.
BTW, if you want to see this running under a security manager, you can use something like the [attached](/uploads/fc0b343d05757a5ce01d5c860b7cc0d7/test.html) document in Wine `iexplore.exe`. It’s an empty page, but you’ll see the additional initialization done by the security manager in msxml logs.