This is the mail archive of the xsl-list@mulberrytech.com mailing list .

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

RE: xsl 1.1 security model?

To: <xsl-list at lists dot mulberrytech dot com>
Subject: RE: [xsl] xsl 1.1 security model?
From: "Michael Kay" <mhkay at iclway dot co dot uk>
Date: Sat, 24 Mar 2001 03:36:16 +0100
Reply-To: xsl-list at lists dot mulberrytech dot com

> The ability to write to multiple named documents seems to me
> to be just
> as dangerous as the ability to call external scripts (if not more so -
> after all, ecmascript has no standard way of writing to named files).
>
> Should the xsl:document element be enabled client-side, or is
> the answer
> so obvious that the question didn't need asking?
>
> And would an implementation that disabled the xsl:document element
> client-side still be XSLT 1.1 compliant?
>
It's my understanding that Microsoft are reluctant to implement this feature
client-side, and I think the spec is clear that it's not required for
conformance.

This approach makes sense, since the requirement for the feature is mainly
fur use during the publishing cycle, not in client-side rendering.

Mike Kay
Software AG


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Follow-Ups:
- Re: xsl 1.1 security model?
  - From: David Carlisle
- Re: xsl 1.1 security model?
  - From: Francis Norton

References:
- Re: xsl 1.1 security model?
  - From: Francis Norton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]