This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
RE: Re: Saxon Servlet
- To: xsl-list <xsl-list at lists dot mulberrytech dot com>
- Subject: [xsl] RE: Re: Saxon Servlet
- From: owner-xsl-list at lists dot mulberrytech dot com (by way of B. Tommie Usdin)
- Date: Fri, 2 Mar 2001 09:30:29 -0500
- Reply-To: xsl-list at lists dot mulberrytech dot com
Date: Thu, 1 Mar 2001 21:38:33 -0800 (PST)
From: Dimitre Novatchev <dnovatchev@yahoo.com>
Subject: RE: Re: Saxon Servlet
To: mhkay@iclway.co.uk
Cc: xsl-list@lists.mulberrytech.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Michael Kay wrote:
>
> > I am having a very simple problem (even though I do not know
> > how to solve
> > it :)) with the SaxonServlet provided with the src code
> > samples. Basically,
> > I want to pass both my XML source and XSL source as URL's
> > which are located on a different machine.
>
> There are security reasons why this isn't allowed, someone running a web
> site doesn't want users to be able to run an arbitrary stylesheet, possibly
> containing calls on extension functions, on that server.
But this does not mean that the idea is useless or that it cannot be
implemented.
You could have a big collection of different XSLT processors on the server
and give anyone anywhere the ability to have their xml docs remotely
transformed
with their xslt stylesheets.
The users don't need to have any xslt processor installed on their
client computer,
nor will they have any problems in upgrading to the latest versions.
One could create and post for processing from any computer -- even
when on vacation,
from an Internet Cafe or while at a conference...
In fact there's an implementation -- the Remote XML Workbench allows clients
to post two string parameters, one -- the text of an xml document,
the other -- the text of a stylesheet.
The user can select between MSXML and Saxon 5.4
On the server the stylesheet is applied to the xml document
and the result string is returned to the client.
It is true that there are serious security issues. They are dealt with
by pre-scanning the provided stylesheet with a security checking stylesheet.
Since last August there hasn't been a single security violation.
The only problem is that MSXML can crash under deep recursive
processing -- I'm really impatient to have this finally fixed in MSXML.
Dimitre Novatchev.
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list