[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: What the .... ? Referencing XSL stylesheets across domains
--- Dare Obasanjo <dareo@m...> wrote: > Security and convenience are a continuom. In today's internet connected > world, one typically has to trade up some convenience if they want security. > We are all witnesses to what happened when Microsoft leaned more towards > convenience than security in our products. I'm quite glad that we've decided > to shift to the other side and trade up convenience for more security. First of all, can anyone confirm that this restriction is in fact intended to prevent some sort of attack? I think I'm the person who originally suggested that might be the reason, but I have no idea if that is in fact the case. Second, if script in stylesheets is the problem, then the issue is with Microsoft's extensions to XSLT, not XSLT itself. In that case, a better solution might be to disable those scripting extensions in stylesheets from a foreign domain, not refuse to load the stylesheet at all. Jim ===== Jim Ancona jim@a... jancona@x... __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|