Document XsltSettings.EnableScript property obsolescence in .NET 10 (#48297)

Author: Copilot

docs/core/compatibility/core-libraries/10.0/obsolete-apis.md

@@ -2,7 +2,7 @@
 title: "Breaking change: .NET 10 obsoletions with custom IDs"
 titleSuffix: ""
 description: Learn about the APIs that have been marked as obsolete in .NET 10 with a custom diagnostic ID.
-ms.date: 03/28/2025
+ms.date: 09/08/2025
 ai-usage: ai-assisted
 ---
 # API obsoletions with non-default diagnostic IDs (.NET 10)
@@ -21,6 +21,7 @@ The following table lists the custom diagnostic IDs and their corresponding warn
 | [SYSLIB0059](../../../../fundamentals/syslib-diagnostics/syslib0059.md) | <xref:Microsoft.Win32.SystemEvents.EventsThreadShutdown?displayProperty=nameWithType> callbacks aren't run before the process exits. Use <xref:System.AppDomain.ProcessExit?displayProperty=nameWithType> instead.  | Warning |
 | [SYSLIB0060](../../../../fundamentals/syslib-diagnostics/syslib0060.md) | <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> constructors are obsolete. Use <xref:System.Security.Cryptography.Rfc2898DeriveBytes.Pbkdf2*?displayProperty=nameWithType> instead. | Warning |
 | [SYSLIB0061](../../../../fundamentals/syslib-diagnostics/syslib0061.md) | <xref:System.Linq.Queryable.MaxBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=nameWithType> and <xref:System.Linq.Queryable.MinBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=nameWithType> taking an `IComparer<TSource>` are obsolete. Use the new ones that take an `IComparer<TKey>`. | Warning |
+| [SYSLIB0062](../../../../fundamentals/syslib-diagnostics/syslib0062.md) | <xref:System.Xml.Xsl.XsltSettings.EnableScript?displayProperty=nameWithType> is obsolete. | Warning |
 
 ## Version introduced
 
@@ -64,6 +65,10 @@ These obsoletions can affect [source compatibility](../../categories.md#source-c
 - <xref:System.Linq.Queryable.MaxBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=fullName>
 - <xref:System.Linq.Queryable.MinBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=fullName>
 
+### SYSLIB0062
+
+- <xref:System.Xml.Xsl.XsltSettings.EnableScript?displayProperty=fullName>
+
 ## See also
 
 - [API obsoletions with non-default diagnostic IDs (.NET 9)](../9.0/obsolete-apis-with-custom-diagnostics.md)

docs/core/compatibility/unsupported-apis.md

@@ -2,7 +2,7 @@
 title: Unsupported APIs on .NET Core and .NET 5+
 titleSuffix: ""
 description: Learn which .NET APIs always throw an exception on .NET Core and .NET 5 and later versions.
-ms.date: 11/22/2024
+ms.date: 09/08/2025
 ---
 # APIs that always throw exceptions on .NET Core and .NET 5+
 
@@ -349,6 +349,7 @@ This article organizes the affected APIs by namespace.
 | <xref:System.Xml.XmlDictionaryReader.CreateMtomReader(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose)?displayProperty=nameWithType> | All |
 | <xref:System.Xml.XmlDictionaryReader.CreateMtomReader(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose)?displayProperty=nameWithType> | All |
 | <xref:System.Xml.XmlDictionaryWriter.CreateMtomWriter(System.IO.Stream,System.Text.Encoding,System.Int32,System.String,System.String,System.String,System.Boolean,System.Boolean)?displayProperty=nameWithType> | All |
+| <xref:System.Xml.Xsl.XsltSettings.EnableScript?displayProperty=nameWithType> (when set to `true`) | All |
 
 ## See also
 

docs/fundamentals/code-analysis/quality-rules/ca3076.md

@@ -17,18 +17,17 @@ f1_keywords:
 
 ## Cause
 
-If you execute Extensible Stylesheets Language Transformations (XSLT) in .NET applications insecurely, the processor may resolve untrusted URI references that could disclose sensitive information to attackers, leading to Denial of Service and Cross-Site attacks. For more information, see [XSLT Security Considerations(.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md).
+If you execute Extensible Stylesheets Language Transformations (XSLT) in .NET applications insecurely, the processor might resolve untrusted URI references that could disclose sensitive information to attackers, leading to denial of service and cross-site attacks. For more information, see [XSLT Security Considerations (.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md).
 
 ## Rule description
 
-**XSLT** is a World Wide Web Consortium (W3C) standard for transforming XML data. XSLT is typically used to write style sheets to transform XML data to other formats such as HTML, fixed-length text, comma-separated text, or a different XML format. Although prohibited by default, you may choose to enable it for your project.
+*XSLT* is a World Wide Web Consortium (W3C) standard for transforming XML data. XSLT is typically used to write style sheets to transform XML data to other formats such as HTML, fixed-length text, comma-separated text, or a different XML format. Although prohibited by default, you might choose to enable it for your project.
 
 To ensure you're not exposing an attack surface, this rule triggers whenever the XslCompiledTransform.<xref:System.Xml.Xsl.XslCompiledTransform.Load%2A> receives insecure combination instances of <xref:System.Xml.Xsl.XsltSettings> and <xref:System.Xml.XmlResolver>, which allows malicious script processing.
 
 ## How to fix violations
 
-- Replace the insecure XsltSettings argument with XsltSettings.<xref:System.Xml.Xsl.XsltSettings.Default%2A> or with an instance that has disabled document function and script execution.
-
+- Replace the insecure `XsltSettings` argument with <xref:System.Xml.Xsl.XsltSettings.Default?displayProperty=nameWithType> or with an instance that's disabled document function and script execution.
 - Replace the <xref:System.Xml.XmlResolver> argument with null or an <xref:System.Xml.XmlSecureResolver> instance.
 
 ## When to suppress warnings
@@ -150,6 +149,9 @@ namespace TestNamespace
 }
 ```
 
+> [!NOTE]
+> Starting in .NET 10, the <xref:System.Xml.Xsl.XsltSettings.EnableScript%2A> property is marked as obsolete and generates warning `SYSLIB0062`. On .NET (Core), it's no longer necessary to explicitly set this property to `false` since script execution isn't supported.
+
 ## See also
 
-- [XSLT Security Considerations(.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md)
+- [XSLT Security Considerations (.NET Guide)](../../../standard/data/xml/xslt-security-considerations.md)

docs/fundamentals/syslib-diagnostics/obsoletions-overview.md

@@ -82,6 +82,7 @@ The following table provides an index to the `SYSLIB0XXX` obsoletions in .NET 5+
 | [SYSLIB0059](syslib0059.md) | Warning | <xref:Microsoft.Win32.SystemEvents.EventsThreadShutdown?displayProperty=nameWithType> callbacks aren't run before the process exits. Use <xref:System.AppDomain.ProcessExit?displayProperty=nameWithType> instead. |
 | [SYSLIB0060](syslib0060.md) | Warning | Constructors on <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> are obsolete. Use <xref:System.Security.Cryptography.Rfc2898DeriveBytes.Pbkdf2%2A?displayProperty=nameWithType> instead. |
 | [SYSLIB0061](syslib0061.md) | Warning | The `Queryable` <xref:System.Linq.Queryable.MaxBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=nameWithType> and <xref:System.Linq.Queryable.MinBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=nameWithType> taking an `IComparer<TSource>` are obsolete. Use the new ones that take an `IComparer<TKey>`. |
+| [SYSLIB0062](syslib0062.md) | Warning | <xref:System.Xml.Xsl.XsltSettings.EnableScript?displayProperty=nameWithType> is obsolete. |
 
 ## Suppress warnings
 

docs/fundamentals/syslib-diagnostics/syslib0061.md

@@ -5,7 +5,7 @@ ms.date: 03/31/2025
 f1_keywords:
   - SYSLIB0061
 ---
-# SYSLIB0061: System.Linq.Queryable.MaxBy and System.Linq.Queryable.MinBy taking an IComparer\<TSource\> are obsolete.
+# SYSLIB0061: System.Linq.Queryable.MaxBy and System.Linq.Queryable.MinBy taking an IComparer\<TSource\> are obsolete
 
 Starting in .NET 10, the two extension methods <xref:System.Linq.Queryable.MaxBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=fullName> and <xref:System.Linq.Queryable.MinBy``2(System.Linq.IQueryable{``0},System.Linq.Expressions.Expression{System.Func{``0,``1}},System.Collections.Generic.IComparer{``0})?displayProperty=fullName> that accept an `IComparer<TSource>` are obsolete. Please use the newly added overloads that accept an `IComparer<TKey>` instead.
 

docs/fundamentals/syslib-diagnostics/syslib0062.md

@@ -0,0 +1,48 @@
+---
+title: SYSLIB0062 warning - XsltSettings.EnableScript is obsolete
+description: Learn about the obsoletion of the XsltSettings.EnableScript property. Use of this property generates compile-time warning SYSLIB0062.
+ms.date: 09/08/2025
+f1_keywords:
+  - SYSLIB0062
+---
+# SYSLIB0062: XsltSettings.EnableScript is obsolete
+
+Starting in .NET 10, the <xref:System.Xml.Xsl.XsltSettings.EnableScript?displayProperty=nameWithType> property is marked obsolete.
+
+## Reason for obsoletion
+
+XSLT script blocks aren't supported on .NET (Core). Previously, if you set the property to `true`, a <xref:System.PlatformNotSupportedException> was thrown at run time. This obsoletion turns a run-time error into a build warning, which provides better guidance for migration.
+
+## Workaround
+
+Review call sites for any assumptions made about the behavior of this property. You can likely remove any references to the property since it didn't truly enable script blocks on modern .NET.
+
+## Suppress a warning
+
+If you must use the obsolete API, you can suppress the warning in code or in your project file.
+
+To suppress only a single violation, add preprocessor directives to your source file to disable and then re-enable the warning.
+
+```csharp
+// Disable the warning.
+#pragma warning disable SYSLIB0062
+
+// Code that uses obsolete API.
+// ...
+
+// Re-enable the warning.
+#pragma warning restore SYSLIB0062
+```
+
+To suppress all the `SYSLIB0062` warnings in your project, add a `<NoWarn>` property to your project file.
+
+```xml
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+   ...
+   <NoWarn>$(NoWarn);SYSLIB0062</NoWarn>
+  </PropertyGroup>
+</Project>
+```
+
+For more information, see [Suppress warnings](obsoletions-overview.md#suppress-warnings).

docs/navigate/tools-diagnostics/toc.yml

@@ -4022,6 +4022,8 @@ items:
             href: ../../fundamentals/syslib-diagnostics/syslib0060.md
           - name: SYSLIB0061
             href: ../../fundamentals/syslib-diagnostics/syslib0061.md
+          - name: SYSLIB0062
+            href: ../../fundamentals/syslib-diagnostics/syslib0062.md
       - name: Experimental features
         items:
           - name: Overview

docs/standard/data/xml/script-blocks-using-msxsl-script.md

@@ -7,21 +7,24 @@ dev_langs:
   - "vb"
 ms.assetid: fde6f43f-c594-486f-abcb-2211197fae20
 ---
-# Script Blocks Using msxsl:script
+# Script blocks Using msxsl:script
 
 > [!NOTE]
 > Script blocks are supported only in .NET Framework. They are _not_ supported on .NET Core or .NET 5 or later.
 
 The <xref:System.Xml.Xsl.XslCompiledTransform> class supports embedded scripts using the `msxsl:script` element. When the style sheet is loaded, any defined functions are compiled to common intermediate language (CIL) by the Code Document Object Model (CodeDOM) and are executed during run time. The assembly generated from the embedded script block is separate than the assembly generated for the style sheet.
 
-## Enable XSLT Script
+## Enable XSLT script
 
- Support for embedded scripts is an optional XSLT setting on the <xref:System.Xml.Xsl.XslCompiledTransform> class. Script support is disabled by default. To enable script support, create an <xref:System.Xml.Xsl.XsltSettings> object with the <xref:System.Xml.Xsl.XsltSettings.EnableScript%2A> property set to `true` and pass the object to the <xref:System.Xml.Xsl.XslCompiledTransform.Load%2A> method.
+Support for embedded scripts is an optional XSLT setting on the <xref:System.Xml.Xsl.XslCompiledTransform> class. Script support is disabled by default. To enable script support, create an <xref:System.Xml.Xsl.XsltSettings> object with the <xref:System.Xml.Xsl.XsltSettings.EnableScript%2A> property set to `true` and pass the object to the <xref:System.Xml.Xsl.XslCompiledTransform.Load%2A> method.
+
+> [!WARNING]
+> Starting in .NET 10, the <xref:System.Xml.Xsl.XsltSettings.EnableScript%2A> property is marked as obsolete and generates warning SYSLIB0062. Since script blocks aren't supported on .NET Core or .NET 5+, this property has no effect and setting it to `true` throws a <xref:System.PlatformNotSupportedException> at run time.
 
 > [!NOTE]
 > XSLT scripting should be enabled only if you require script support and you are working in a fully trusted environment.
 
-## msxsl:script Element Definition
+## msxsl:script element definition
 
  The `msxsl:script` element is a Microsoft extension to the XSLT 1.0 recommendation and has the following definition:
 
@@ -46,25 +49,25 @@ The <xref:System.Xml.Xsl.XslCompiledTransform> class supports embedded scripts u
 </msxsl:script>
 ```
 
-## Script Functions
+## Script functions
 
  Functions can be declared within the `msxsl:script` element. When a function is declared, it is contained in a script block. Style sheets can contain multiple script blocks, each operating independent of the other. That means that if you are executing inside a script block, you cannot call a function that you defined in another script block unless it is declared to have the same namespace and the same scripting language. Because each script block can be in its own language, and the block is parsed according to the grammar rules of that language parser we recommend that you use the correct syntax for the language in use. For example, if you are in a Microsoft C# script block, use the C# comment syntax.
 
  The supplied arguments and return values to the function can be of any type. Because the W3C XPath types are a subset of the common language runtime (CLR) types, type conversion takes place on types that are not considered to be an XPath type. The following table shows the corresponding W3C types and the equivalent CLR type.
 
-|W3C type|CLR type|
-|--------------|--------------|
-|`String`|<xref:System.String>|
-|`Boolean`|<xref:System.Boolean>|
-|`Number`|<xref:System.Double>|
-|`Result Tree Fragment`|<xref:System.Xml.XPath.XPathNavigator>|
-|`Node Set`|<xref:System.Xml.XPath.XPathNodeIterator>|
+| W3C type               | CLR type                                  |
+|------------------------|-------------------------------------------|
+| `String`               | <xref:System.String>                      |
+| `Boolean`              | <xref:System.Boolean>                     |
+| `Number`               | <xref:System.Double>                      |
+| `Result Tree Fragment` | <xref:System.Xml.XPath.XPathNavigator>    |
+| `Node Set`             | <xref:System.Xml.XPath.XPathNodeIterator> |
 
  CLR numeric types are converted to <xref:System.Double>. The <xref:System.DateTime> type is converted to <xref:System.String>. <xref:System.Xml.XPath.IXPathNavigable> types are converted to <xref:System.Xml.XPath.XPathNavigator>. **XPathNavigator[]** is converted to <xref:System.Xml.XPath.XPathNodeIterator>.
 
  All other types throw an error.
 
-### Importing Namespaces and Assemblies
+### Import namespaces and assemblies
 
  The <xref:System.Xml.Xsl.XslCompiledTransform> class predefines a set of assemblies and namespaces that are supported by default by the `msxsl:script` element. However, you can use classes and members belonging to a namespace that is not on the predefined list by importing the assembly and namespace in `msxsl:script` block.
 
@@ -73,9 +76,7 @@ The <xref:System.Xml.Xsl.XslCompiledTransform> class supports embedded scripts u
  The following two assemblies are referenced by default:
 
 - System.dll
-
 - System.Xml.dll
-
 - Microsoft.VisualBasic.dll (when the script language is VB)
 
  You can import the additional assemblies using the `msxsl:assembly` element. This includes the assembly when the style sheet is compiled. The `msxsl:assembly` element has the following definition:
@@ -97,19 +98,12 @@ The <xref:System.Xml.Xsl.XslCompiledTransform> class supports embedded scripts u
  The following namespaces are included by default:
 
 - System
-
 - System.Collection
-
 - System.Text
-
 - System.Text.RegularExpressions
-
 - System.Xml
-
 - System.Xml.Xsl
-
 - System.Xml.XPath
-
 - Microsoft.VisualBasic (when the script language is VB)
 
  You can add support for additional namespaces using the `namespace` attribute. The attribute value is the name of the namespace.