diff --git a/docs/core/compatibility/core-libraries/10.0/obsolete-apis.md b/docs/core/compatibility/core-libraries/10.0/obsolete-apis.md index 797c61c39f824..603875dc29d7c 100644 --- a/docs/core/compatibility/core-libraries/10.0/obsolete-apis.md +++ b/docs/core/compatibility/core-libraries/10.0/obsolete-apis.md @@ -2,7 +2,7 @@ title: "Breaking change: .NET 10 obsoletions with custom IDs" titleSuffix: "" description: Learn about the APIs that have been marked as obsolete in .NET 10 with a custom diagnostic ID. -ms.date: 03/28/2025 +ms.date: 09/08/2025 ai-usage: ai-assisted --- # API obsoletions with non-default diagnostic IDs (.NET 10) @@ -21,6 +21,7 @@ The following table lists the custom diagnostic IDs and their corresponding warn | [SYSLIB0059](../../../../fundamentals/syslib-diagnostics/syslib0059.md) | callbacks aren't run before the process exits. Use instead. | Warning | | [SYSLIB0060](../../../../fundamentals/syslib-diagnostics/syslib0060.md) | constructors are obsolete. Use instead. | Warning | | [SYSLIB0061](../../../../fundamentals/syslib-diagnostics/syslib0061.md) | and taking an `IComparer` are obsolete. Use the new ones that take an `IComparer`. | Warning | +| [SYSLIB0062](../../../../fundamentals/syslib-diagnostics/syslib0062.md) | is obsolete. | Warning | ## Version introduced @@ -64,6 +65,10 @@ These obsoletions can affect [source compatibility](../../categories.md#source-c - - +### SYSLIB0062 + +- + ## See also - [API obsoletions with non-default diagnostic IDs (.NET 9)](../9.0/obsolete-apis-with-custom-diagnostics.md) diff --git a/docs/core/compatibility/unsupported-apis.md b/docs/core/compatibility/unsupported-apis.md index d230d80991bad..36b703f05db71 100644 --- a/docs/core/compatibility/unsupported-apis.md +++ b/docs/core/compatibility/unsupported-apis.md 
@@ -2,7 +2,7 @@ title: Unsupported APIs on .NET Core and .NET 5+ titleSuffix: "" description: Learn which .NET APIs always throw an exception on .NET Core and .NET 5 and later versions. -ms.date: 11/22/2024 +ms.date: 09/08/2025 --- # APIs that always throw exceptions on .NET Core and .NET 5+ @@ -349,6 +349,7 @@ This article organizes the affected APIs by namespace. | | All | | | All | | | All | +| (when set to `true`) | All | ## See also diff --git a/docs/fundamentals/code-analysis/quality-rules/ca3076.md b/docs/fundamentals/code-analysis/quality-rules/ca3076.md index 694b7dd2da321..3b5f05f4eac93 100644 --- a/docs/fundamentals/code-analysis/quality-rules/ca3076.md +++ b/docs/fundamentals/code-analysis/quality-rules/ca3076.md 
@@ -17,18 +17,17 @@ f1_keywords: ## Cause -If you execute Extensible Stylesheets Language Transformations (XSLT) in .NET applications insecurely, the processor may resolve untrusted URI references that could disclose sensitive information to attackers, leading to Denial of Service and Cross-Site attacks. For more information, see [XSLT Security Considerations(.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md). +If you execute Extensible Stylesheets Language Transformations (XSLT) in .NET applications insecurely, the processor might resolve untrusted URI references that could disclose sensitive information to attackers, leading to denial of service and cross-site attacks. For more information, see [XSLT Security Considerations (.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md). ## Rule description -**XSLT** is a World Wide Web Consortium (W3C) standard for transforming XML data. XSLT is typically used to write style sheets to transform XML data to other formats such as HTML, fixed-length text, comma-separated text, or a different XML format. Although prohibited by default, you may choose to enable it for your project. +*XSLT* is a World Wide Web Consortium (W3C) standard for transforming XML data. XSLT is typically used to write style sheets to transform XML data to other formats such as HTML, fixed-length text, comma-separated text, or a different XML format. Although prohibited by default, you might choose to enable it for your project. To ensure you're not exposing an attack surface, this rule triggers whenever the XslCompiledTransform. receives insecure combination instances of and , which allows malicious script processing. ## How to fix violations -- Replace the insecure XsltSettings argument with XsltSettings. or with an instance that has disabled document function and script execution. - +- Replace the insecure `XsltSettings` argument with or with an instance that's disabled document function and script execution. 
- Replace the argument with null or an instance. ## When to suppress warnings @@ -150,6 +149,9 @@ namespace TestNamespace } ``` +> [!NOTE] +> Starting in .NET 10, the property is marked as obsolete and generates warning `SYSLIB0062`. On .NET (Core), it's no longer necessary to explicitly set this property to `false` since script execution isn't supported. + ## See also -- [XSLT Security Considerations(.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md) +- [XSLT Security Considerations (.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md) diff --git a/docs/fundamentals/syslib-diagnostics/obsoletions-overview.md b/docs/fundamentals/syslib-diagnostics/obsoletions-overview.md index 43e95dab5bb67..f6a8f835fbe53 100644 --- a/docs/fundamentals/syslib-diagnostics/obsoletions-overview.md +++ b/docs/fundamentals/syslib-diagnostics/obsoletions-overview.md @@ -82,6 +82,7 @@ The following table provides an index to the `SYSLIB0XXX` obsoletions in .NET 5+ | [SYSLIB0059](syslib0059.md) | Warning | callbacks aren't run before the process exits. Use instead. | | [SYSLIB0060](syslib0060.md) | Warning | Constructors on are obsolete. Use instead. | | [SYSLIB0061](syslib0061.md) | Warning | The `Queryable` and taking an `IComparer` are obsolete. Use the new ones that take an `IComparer`. | +| [SYSLIB0062](syslib0062.md) | Warning | is obsolete. | ## Suppress warnings diff --git a/docs/fundamentals/syslib-diagnostics/syslib0061.md b/docs/fundamentals/syslib-diagnostics/syslib0061.md index 6d35bf5e93396..06c3b3889a7a6 100644 --- a/docs/fundamentals/syslib-diagnostics/syslib0061.md +++ b/docs/fundamentals/syslib-diagnostics/syslib0061.md 
@@ -5,7 +5,7 @@ ms.date: 03/31/2025 f1_keywords: - SYSLIB0061 --- -# SYSLIB0061: System.Linq.Queryable.MaxBy and System.Linq.Queryable.MinBy taking an IComparer\ are obsolete. +# SYSLIB0061: System.Linq.Queryable.MaxBy and System.Linq.Queryable.MinBy taking an IComparer\ are obsolete Starting in .NET 10, the two extension methods and that accept an `IComparer` are obsolete. Please use the newly added overloads that accept an `IComparer` instead. diff --git a/docs/fundamentals/syslib-diagnostics/syslib0062.md b/docs/fundamentals/syslib-diagnostics/syslib0062.md new file mode 100644 index 0000000000000..cd86fc86946bc --- /dev/null +++ b/docs/fundamentals/syslib-diagnostics/syslib0062.md 
@@ -0,0 +1,48 @@ +--- +title: SYSLIB0062 warning - XsltSettings.EnableScript is obsolete +description: Learn about the obsoletion of the XsltSettings.EnableScript property. Use of this property generates compile-time warning SYSLIB0062. +ms.date: 09/08/2025 +f1_keywords: + - SYSLIB0062 +--- +# SYSLIB0062: XsltSettings.EnableScript is obsolete + +Starting in .NET 10, the property is marked obsolete. + +## Reason for obsoletion + +XSLT script blocks aren't supported on .NET (Core). Previously, if you set the property to `true`, a was thrown at run time. This obsoletion turns a run-time error into a build warning, which provides better guidance for migration. + +## Workaround + +Review call sites for any assumptions made about the behavior of this property. You can likely remove any references to the property since it didn't truly enable script blocks on modern .NET. + +## Suppress a warning + +If you must use the obsolete API, you can suppress the warning in code or in your project file. + +To suppress only a single violation, add preprocessor directives to your source file to disable and then re-enable the warning. + +```csharp +// Disable the warning. +#pragma warning disable SYSLIB0062 + +// Code that uses obsolete API. +// ... + +// Re-enable the warning. +#pragma warning restore SYSLIB0062 +``` + +To suppress all the `SYSLIB0062` warnings in your project, add a `` property to your project file. + +```xml + + + ... + $(NoWarn);SYSLIB0062 + + +``` + +For more information, see [Suppress warnings](obsoletions-overview.md#suppress-warnings). diff --git a/docs/navigate/tools-diagnostics/toc.yml b/docs/navigate/tools-diagnostics/toc.yml index 2220f172b118a..52b37667a3956 100644 --- a/docs/navigate/tools-diagnostics/toc.yml +++ b/docs/navigate/tools-diagnostics/toc.yml 
@@ -4022,6 +4022,8 @@ items: href: ../../fundamentals/syslib-diagnostics/syslib0060.md - name: SYSLIB0061 href: ../../fundamentals/syslib-diagnostics/syslib0061.md + - name: SYSLIB0062 + href: ../../fundamentals/syslib-diagnostics/syslib0062.md - name: Experimental features items: - name: Overview diff --git a/docs/standard/data/xml/script-blocks-using-msxsl-script.md b/docs/standard/data/xml/script-blocks-using-msxsl-script.md index ffe21e97d91ad..37a862edff588 100644 --- a/docs/standard/data/xml/script-blocks-using-msxsl-script.md +++ b/docs/standard/data/xml/script-blocks-using-msxsl-script.md 
@@ -7,21 +7,24 @@ dev_langs: - "vb" ms.assetid: fde6f43f-c594-486f-abcb-2211197fae20 --- -# Script Blocks Using msxsl:script +# Script blocks Using msxsl:script > [!NOTE] > Script blocks are supported only in .NET Framework. They are _not_ supported on .NET Core or .NET 5 or later. The class supports embedded scripts using the `msxsl:script` element. When the style sheet is loaded, any defined functions are compiled to common intermediate language (CIL) by the Code Document Object Model (CodeDOM) and are executed during run time. The assembly generated from the embedded script block is separate than the assembly generated for the style sheet. -## Enable XSLT Script +## Enable XSLT script - Support for embedded scripts is an optional XSLT setting on the class. Script support is disabled by default. To enable script support, create an object with the property set to `true` and pass the object to the method. +Support for embedded scripts is an optional XSLT setting on the class. Script support is disabled by default. To enable script support, create an object with the property set to `true` and pass the object to the method. + +> [!WARNING] +> Starting in .NET 10, the property is marked as obsolete and generates warning SYSLIB0062. Since script blocks aren't supported on .NET Core or .NET 5+, this property has no effect and setting it to `true` throws a at run time. > [!NOTE] > XSLT scripting should be enabled only if you require script support and you are working in a fully trusted environment. -## msxsl:script Element Definition +## msxsl:script element definition The `msxsl:script` element is a Microsoft extension to the XSLT 1.0 recommendation and has the following definition: 
@@ -46,25 +49,25 @@ The class supports embedded scripts u ``` -## Script Functions +## Script functions Functions can be declared within the `msxsl:script` element. When a function is declared, it is contained in a script block. Style sheets can contain multiple script blocks, each operating independent of the other. That means that if you are executing inside a script block, you cannot call a function that you defined in another script block unless it is declared to have the same namespace and the same scripting language. Because each script block can be in its own language, and the block is parsed according to the grammar rules of that language parser we recommend that you use the correct syntax for the language in use. For example, if you are in a Microsoft C# script block, use the C# comment syntax. The supplied arguments and return values to the function can be of any type. Because the W3C XPath types are a subset of the common language runtime (CLR) types, type conversion takes place on types that are not considered to be an XPath type. The following table shows the corresponding W3C types and the equivalent CLR type. -|W3C type|CLR type| -|--------------|--------------| -|`String`|| -|`Boolean`|| -|`Number`|| -|`Result Tree Fragment`|| -|`Node Set`|| +| W3C type | CLR type | +|------------------------|-------------------------------------------| +| `String` | | +| `Boolean` | | +| `Number` | | +| `Result Tree Fragment` | | +| `Node Set` | | CLR numeric types are converted to . The type is converted to . types are converted to . **XPathNavigator[]** is converted to . All other types throw an error. -### Importing Namespaces and Assemblies +### Import namespaces and assemblies The class predefines a set of assemblies and namespaces that are supported by default by the `msxsl:script` element. However, you can use classes and members belonging to a namespace that is not on the predefined list by importing the assembly and namespace in `msxsl:script` block. 
@@ -73,9 +76,7 @@ The class supports embedded scripts u The following two assemblies are referenced by default: - System.dll - - System.Xml.dll - - Microsoft.VisualBasic.dll (when the script language is VB) You can import the additional assemblies using the `msxsl:assembly` element. This includes the assembly when the style sheet is compiled. The `msxsl:assembly` element has the following definition: @@ -97,19 +98,12 @@ The class supports embedded scripts u The following namespaces are included by default: - System - - System.Collection - - System.Text - - System.Text.RegularExpressions - - System.Xml - - System.Xml.Xsl - - System.Xml.XPath - - Microsoft.VisualBasic (when the script language is VB) You can add support for additional namespaces using the `namespace` attribute. The attribute value is the name of the namespace.
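Review bot: In the new `docs/fundamentals/syslib-diagnostics/syslib0062.md`, the "Reason for obsoletion" paragraph opens with "Previously, if you set the property to `true`", which reads as if the run-time exception is gone in .NET 10. The row this same patch adds to `unsupported-apis.md` ("(when set to `true`) | All") and the warning it adds to `script-blocks-using-msxsl-script.md` both say the setter still throws. Suggest present tense here, and a sentence under "Suppress a warning" saying that, given those lines, `#pragma warning disable SYSLIB0062` or `NoWarn` only silences the build warning and a call site that sets the property to `true` still fails at run time.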
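Review bot: In the `@@ -17,18 +17,17 @@` hunk of `ca3076.md`, the rewritten bullet under "How to fix violations" now says "an instance that's disabled document function and script execution", and "that's" reads as "that is", which changes the meaning. The removed line had "an instance that has disabled document function and script execution"; suggest keeping "that has" there and limiting the edit to the code formatting of `XsltSettings`.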
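Review bot: In the `@@ -150,6 +149,9 @@` hunk of `ca3076.md`, the new NOTE about `SYSLIB0062` sits after the code samples, while "How to fix violations" higher up still tells readers to pass an instance with script execution disabled. A reader who follows that fix on .NET 10 by assigning the property explicitly gets the new obsoletion warning before ever reaching this note. Suggest moving or repeating the note under "How to fix violations", and linking `SYSLIB0062` to its diagnostic page as the other files in this patch do, rather than leaving it as inline code.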
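Review bot: In the `@@ -7,21 +7,24 @@` hunk of `script-blocks-using-msxsl-script.md`, the added WARNING says the property "has no effect" and, in the same sentence, that "setting it to `true` throws" at run time; the two statements contradict each other. Suggest dropping "has no effect" and stating only that setting it to `true` throws on .NET Core and .NET 5+. The paragraph directly above still instructs readers to set the property to `true`, so it would help to scope that sentence to .NET Framework. Separately, the retitled H1 "Script blocks Using msxsl:script" leaves "Using" capitalized, unlike the other headings this patch moves to sentence case.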
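Review bot: In the `@@ -73,9 +76,7 @@` hunk of `script-blocks-using-msxsl-script.md`, the context line "The following two assemblies are referenced by default:" introduces a list of three items (System.dll, System.Xml.dll, Microsoft.VisualBasic.dll). Since this hunk already rewrites the list, suggest fixing the count or rewording to "The following assemblies are referenced by default:".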
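Review bot: In the `@@ -97,19 +98,12 @@` hunk of `script-blocks-using-msxsl-script.md`, the default-namespace list carries "System.Collection" through unchanged, which looks like a typo for `System.Collections`. The hunk is already touching every line of this list to remove the blank lines, so this is a good place to correct it.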