예제 #1
0
        public override object GetOutput()
        {
            //  XSL transforms expose many powerful features by default:
            //  1- we need to pass a null evidence to prevent script execution.
            //  2- XPathDocument will expand entities, we don't want this, so set the resolver to null
            //  3- We don't want the document function feature of XslTransforms.

            // load the XSL Transform
            XslCompiledTransform xslt     = new XslCompiledTransform();
            XmlReaderSettings    settings = new XmlReaderSettings();

            settings.XmlResolver = null;
            settings.MaxCharactersFromEntities = Utils.GetMaxCharactersFromEntities();
            settings.MaxCharactersInDocument   = Utils.GetMaxCharactersInDocument();
            using (StringReader sr = new StringReader(_xslFragment))
            {
                XmlReader readerXsl = XmlReader.Create(sr, settings, (string)null);
                xslt.Load(readerXsl, XsltSettings.Default, null);

                // Now load the input stream, XmlDocument can be used but is less efficient
                XmlReader     reader    = XmlReader.Create(_inputStream, settings, BaseURI);
                XPathDocument inputData = new XPathDocument(reader, XmlSpace.Preserve);

                // Create an XmlTextWriter
                MemoryStream ms     = new MemoryStream();
                XmlWriter    writer = new XmlTextWriter(ms, null);

                // Transform the data and send the output to the memory stream
                xslt.Transform(inputData, null, writer);
                ms.Position = 0;
                return(ms);
            }
        }