diff --git a/includes/untrusted-data-instance-note.md b/includes/untrusted-data-instance-note.md index 44ab7776a9c..d7df9e5adbb 100644 --- a/includes/untrusted-data-instance-note.md +++ b/includes/untrusted-data-instance-note.md @@ -1,2 +1,2 @@ > [!IMPORTANT] -> Using an instance of this object with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/). +> Using an instance of this type with untrusted data is a security risk. Use this object only with trusted data. For more information, see [Validate All Inputs](https://top10proactive.owasp.org/archive/2024/the-top-10/c3-validate-input-and-handle-exceptions/). diff --git a/xml/System.Speech.Recognition.SrgsGrammar/SrgsDocument.xml b/xml/System.Speech.Recognition.SrgsGrammar/SrgsDocument.xml index b6940cc086b..1c329a5e37b 100644 --- a/xml/System.Speech.Recognition.SrgsGrammar/SrgsDocument.xml +++ b/xml/System.Speech.Recognition.SrgsGrammar/SrgsDocument.xml @@ -857,6 +857,8 @@ public void WorldSoccerWinners () ## Remarks property gets a value that is used to resolve relative URIs in a object. Suppose the value for is `http://www.contoso.com/` and the contains a relative rule reference to another document, for example `SrgsRuleRef("ExternalGrammar.grxml")`. This creates the following absolute path to the external document: `http://www.contoso.com/ExternalGrammar.grxml`. +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> diff --git a/xml/System.Speech.Recognition.SrgsGrammar/SrgsRuleRef.xml b/xml/System.Speech.Recognition.SrgsGrammar/SrgsRuleRef.xml index 73f6a88ae2e..8654f234ae9 100644 --- a/xml/System.Speech.Recognition.SrgsGrammar/SrgsRuleRef.xml +++ b/xml/System.Speech.Recognition.SrgsGrammar/SrgsRuleRef.xml 
@@ -52,6 +52,8 @@ This class represents the `ruleref` element as defined in the World Wide Web Consortium (W3C) [Speech Recognition Grammar Specification (SRGS) Version 1.0](https://go.microsoft.com/fwlink/?LinkId=201761). For information about the SRGS `ruleref` element and details about its support by System.Speech, see [ruleref Element](https://msdn.microsoft.com/library/56eb0031-4908-4788-83ab-7c5e19aa4ac0). +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> Create Grammars Using SrgsGrammar @@ -211,7 +213,7 @@ public void WorldSoccerWinners () - - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] ## Examples The following example creates a grammar for an application that returns information about bus shuttle service. The first method, `GrammarUrlForRoute`, takes a string that specifies a route and appends it to a string specifying the location of a grammar. This specifies a particular rule in that grammar. The method returns a `Uri` for that rule. @@ -407,6 +409,8 @@ namespace SampleRecognition - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> @@ -497,6 +501,8 @@ namespace SampleRecognition - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> @@ -546,6 +552,8 @@ namespace SampleRecognition - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> Create Grammars Using SrgsGrammar diff --git a/xml/System.Speech.Recognition/Grammar.xml b/xml/System.Speech.Recognition/Grammar.xml index 568e93eebf6..673bfaebf5d 100644 --- a/xml/System.Speech.Recognition/Grammar.xml +++ b/xml/System.Speech.Recognition/Grammar.xml 
@@ -45,9 +45,11 @@ The grammar's event is raised when input matches a path through the grammar. +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + > [!NOTE] -> It is a best practice to verify the safety of any URI or DLL used to build a object. -> +> It is a best practice to verify the safety of any URI or DLL used to build a object, which helps prevent security vulnerabilities when loading external resources. +> > Windows and the Speech platform provide security for applications constructing a instance from a DLL or from a grammar that supports scripting. > > Scripts in objects are always run as if downloaded from a web page in the `Internet Zone`. The Common Language Runtime (CLR) isolates any DLL loaded to obtain a grammar definition. @@ -944,6 +946,7 @@ private static Grammar CreateGrammarFromFile2() This constructor does not validate `baseUri`. However, the `LoadGrammar` method of a or object throws an exception if it cannot resolve all of the rule references in the grammar description. If `baseUri` is not `null`, the `LoadGrammar` method uses the URI to resolve any rule references that it cannot otherwise resolve. If `baseUri` represents a file, then the `LoadGrammar` uses both the designated file and the file's directory when it attempts to resolve relative rule references. +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] ## Examples 
@@ -1112,7 +1115,7 @@ private static Grammar CreateGrammarFromStream3() This constructor does not validate `baseUri`. However, the `LoadGrammar` method of a or object throws an exception if it cannot resolve all of the rule references in the grammar description. If `baseUri` is not `null`, the `LoadGrammar` method uses the URI to resolve any rule references that it cannot otherwise resolve. If `baseUri` represents a file, then the `LoadGrammar` method uses both the designated file and the file's directory when it attempts to resolve relative rule references. - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] ## Examples The following example creates a speech recognition grammar in an that contains a relative rule reference to the cities.xml file, and specifies a URI to use to resolve the rule reference. The content of the cities.xml file appears in the XML example that follows the C# example. @@ -1276,6 +1279,8 @@ private static Grammar CreateSrgsDocumentGrammar3() ## Remarks Parameters for an initialization handler may also be specified. +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> - Any of the parameters contain an invalid value. @@ -1329,6 +1334,8 @@ private static Grammar CreateSrgsDocumentGrammar3() ## Remarks Parameters for an initialization handler may also be specified. +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ]]> - Any of the parameters contain an invalid value. diff --git a/xml/System.Speech.Synthesis.TtsEngine/ITtsEngineSite.xml b/xml/System.Speech.Synthesis.TtsEngine/ITtsEngineSite.xml index 4c7a230d5b8..e714ea25268 100644 --- a/xml/System.Speech.Synthesis.TtsEngine/ITtsEngineSite.xml +++ b/xml/System.Speech.Synthesis.TtsEngine/ITtsEngineSite.xml @@ -179,7 +179,14 @@ The media type of the resource. Loads the resource at the specified URI. To be added. - To be added. + + + 
diff --git a/xml/System.Speech.Synthesis.TtsEngine/TtsEngineSsml.xml b/xml/System.Speech.Synthesis.TtsEngine/TtsEngineSsml.xml index 21d810b48b5..e3defbceca3 100644 --- a/xml/System.Speech.Synthesis.TtsEngine/TtsEngineSsml.xml +++ b/xml/System.Speech.Synthesis.TtsEngine/TtsEngineSsml.xml @@ -122,7 +122,7 @@ The value of `mediaType` is typically a MIME specification, as the SSML specification uses MIME for media specifications. - +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] ## Examples The implementation of uses the interface passed in to load a lexicon from a resource. It then stores a `System.IO.Stream` to the lexicon in a `System.Collections.Generic.Dictionary` instance, indexed by the lexicon URI. @@ -275,7 +275,7 @@ internal struct WaveFormat { This method is typically called in response to a based applications calling and using the synthesizer voice implemented by the current instance. - +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] ## Examples The implementation of uses the lexicon URI to query an instance `System.Collections.Generic.Dictionary` for the `System.IO.Stream`, closes the stream and removes the uri referring to the lexicon. diff --git a/xml/System.Speech.Synthesis/FilePrompt.xml b/xml/System.Speech.Synthesis/FilePrompt.xml index 04aeadf0009..3b147c563f8 100644 --- a/xml/System.Speech.Synthesis/FilePrompt.xml +++ b/xml/System.Speech.Synthesis/FilePrompt.xml @@ -67,7 +67,8 @@ ## Remarks You can use this class to create an object from an existing Speech Synthesis Markup Language (SSML) file that the can consume to generate speech. - +[!INCLUDE [untrusted-data-instance-note](~/includes/untrusted-data-instance-note.md)] + ## Examples The example that follows creates a object that specifies a path to an SSML prompt. To speak the contents of the prompt, the example then provides the object as the argument to the method. 
@@ -150,7 +151,14 @@ namespace SampleSynthesis The URI of the file containing the prompt content. The media type of the file. Creates a new instance of the class, and specifies the location of the file and its media type. - To be added. + + + diff --git a/xml/System.Speech.Synthesis/PromptBuilder.xml b/xml/System.Speech.Synthesis/PromptBuilder.xml index 181de206e58..9f0a8a7c8a4 100644 --- a/xml/System.Speech.Synthesis/PromptBuilder.xml +++ b/xml/System.Speech.Synthesis/PromptBuilder.xml @@ -229,6 +229,8 @@ public void MySimpleText () class and then adds text to it, followed by an audio file. @@ -291,6 +293,7 @@ public void SimpleConcatenation() ## Remarks The speech synthesis engine will speak the alternate text if the audio file cannot be played. +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] ## Examples @@ -874,6 +877,7 @@ namespace SampleSynthesis You can also append SSML markup as a string using . +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] ## Examples diff --git a/xml/System.Speech.Synthesis/SpeechSynthesizer.xml b/xml/System.Speech.Synthesis/SpeechSynthesizer.xml index 06bb0260fca..8eb8ce3592c 100644 --- a/xml/System.Speech.Synthesis/SpeechSynthesizer.xml +++ b/xml/System.Speech.Synthesis/SpeechSynthesizer.xml @@ -164,6 +164,7 @@ namespace SampleSynthesis - The value `application/vdn.ms-sapi-lex` indicates that the lexicon format is Uncompressed Lexicon, which is a Microsoft-proprietary format. This is a legacy format and we recommend that you use the PLS format described above. +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] ## Examples @@ -766,6 +767,8 @@ namespace SampleSynthesis ## Remarks See for an example. +[!INCLUDE [untrusted-data-class-note](~/includes/untrusted-data-class-note.md)] + ]]>
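Review bot: In includes/untrusted-data-instance-note.md (@@ -1,2 +1,2), the reworded callout is now inconsistent with itself. The first sentence says "an instance of this type" but the second still says "Use this object only with trusted data." Since every page in this patch that pulls in the include renders both sentences, change the second to match, for example "Use this type only with trusted data" or "Use instances of this type only with trusted data."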
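Review bot: In SrgsRuleRef.xml (@@ -211,7 +213,7), the include appears to replace the blank separator line instead of being added next to it, so `[!INCLUDE ...]` ends up directly against `## Examples`. The same one-for-one swap shows in Grammar.xml (@@ -1112,7 +1115,7) and in both TtsEngineSsml.xml hunks, while the other hunks add the include together with a blank line. Keep a blank line before and after the include in every hunk so the callout renders as its own block and the heading is not absorbed into it.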
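Review bot: In Grammar.xml (@@ -45,9 +45,11), the new IMPORTANT include sits directly above the existing NOTE, and the two callouts now give differently weighted guidance. The include says to use the type "only with trusted data", while the NOTE calls verifying a URI or DLL "a best practice". The added clause "which helps prevent security vulnerabilities when loading external resources" does not resolve that. Consider aligning the NOTE's wording with the include, or trimming the NOTE to the platform behaviour it describes (Internet Zone scripts, CLR isolation) and leaving the trust requirement to the include. The `-> ` to `+> ` change in the same hunk looks like whitespace only and could be dropped from the patch.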
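Review bot: In ITtsEngineSite.xml (@@ -179,7 +179,14), a "To be added." placeholder is still left as unchanged context right after the "Loads the resource at the specified URI." summary, while only the second placeholder is replaced. Since this member is being documented because it loads a caller-supplied URI, fill in the remaining placeholder in the same change so the page does not ship with a security remark next to an undocumented element.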
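Review bot: In TtsEngineSsml.xml (@@ -122,7 +122,7 and @@ -275,7 +275,7), and likewise in the PromptBuilder.xml and SpeechSynthesizer.xml hunks, the include points at `~/includes/untrusted-data-class-note.md`, but the only include file this patch touches is untrusted-data-instance-note.md. Confirm that the class-note file already exists in the repository, and if it carries the same "this object" wording that is being corrected in the instance note, update it in this patch as well so both callouts read consistently.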