MSXML 6, User/PW Auth, ResolveExternals_问答_开发者

开发者 https://www.devze.com 2023-03-22 09:25 出处：网络

If one must load and parse an XML resource from a user/PW-protected URL you cannot just use an MSXML DOM.Load() as far as I can tell.There is no place to specify the credentials.

相关专题：msxml msxml6

If one must load and parse an XML resource from a user/PW-protected URL you cannot just use an MSXML DOM.Load() as far as I can tell. There is no place to specify the credentials.

Yet if you use XMLHTTPRequest to obtain and parse the resource into a DOM (via its .responseXML property) you have nowhere to specify a value for the .resolveExternals property.

This more or less works out when you use MSXML 3, 4, (or even 5)开发者_C百科 where it defaults to True, however in MSXML 6 it defaults to False:

resolveExternals Property:

In MSXML 3.0, MSXML 4.0, and MSXML 5.0 the default resolveExternals value is True. In MSXML 6.0, the default setting is False.

If this property is set to False, no external includes and imports will be resolved.

Is there a way around this that I am not seeing? Normally I need the externals resolved, especially when dealing with XSDs or WSDLs.

Or am I fooling myself, and perhaps .resolveExternals never applies when using XMLHTTPRequest (only DOM.Load() calls)?

Have you tried something like this?

xmlhttp.responseXML.resolveExternals = true; 
xmlhttp.responseXML.setProperty("ProhibitDTD", false);

The only thing is the solution may only work with MSXML XMLHTTP ActiveX object.

Edit: here is a concrete sample with IE9:

var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP.6.0");
// var xmlhttp = new XMLHttpRequest();

xmlhttp.open("GET", "sample.xml", false);
xmlhttp.responseXML.async = false;
xmlhttp.responseXML.resolveExternals = true;
xmlhttp.responseXML.validateOnParse = false;
xmlhttp.responseXML.setProperty("ProhibitDTD", false);
xmlhttp.onreadystatechange = function() {
    if (xmlhttp.readystate == 4 && xmlhttp.status == 200) {
         alert(xmlhttp.responseXML.xml);
    }
}
xmlhttp.send();

sample.xml

<!DOCTYPE data SYSTEM "sample.dtd"><data>&ent;</data>

sample.dtd

<!ENTITY ent "Hello world!">

If you run the above cod with IE9, you'll successfully get the entity resolved. However, if you switch to the commented out XMLHttpRequest, you will fail.

PS: I thought you were talking about scripting inside IE, and there is a Trident native component called XMLHttpRequest which is quite different from XmlHttp ActiveX component. However, if you are referring to IXMLHttpRequest COM interface residing in MSXML6.DLL, you can translate the above code into C++ with ease.