
Re: defining correctness for an XML transformation - how?

  • From: "Liam R. E. Quin" <liam@fromoldbooks.org>
  • To: "C. M. Sperberg-McQueen" <cmsmcq@blackmesatech.com>, Roger L Costello <costello@m...>
  • Date: Thu, 04 Jul 2024 17:18:54 -0400

On Thu, 2024-07-04 at 07:49 -0600, C. M. Sperberg-McQueen wrote:
> 
> 
>      (1) for every Airport_Name element $i in I, there is some name
>          element $o in O such that $o has only one child node (a text
>          node) and string($o) = normalize-space($i);
> 
>      (2) for every name element $o in O, there is some Airport_Name
>          element $i in I such that string($o) = normalize-space($i).

Often forgotten, and responsible for a great number of security
problems:

  (3) there is no other element in O than the wrapper element and
      AirportName elements

  (4) there is no use of external XML entities in O,
      no internal subset, and no additional namespace declarations
      (e.g. xsi: to alter where a schema is sought, and possibly
      introduce default values)

  (5) the output O is well-formed XML

  (6) no additional files or resources are consulted or created in
      the transformation process

  (7) the transformation must complete without using excess memory or
      CPU time or other system resources.

In other words, a transformation that handles the data as specified
must not have additional side-effects.

XSLT 2 and later can do things like
    unparsed-text("/etc/passwd") ! replace(., ':.*$', '', 'm')
to get a list of registered user accounts on a system, for example.
Running the transformation in a sandbox can limit this.

So, there’s a pragmatic side to correctness often ignored in the
textbooks, partly for simplicity as the closer you get to the edge of
your system, the harder it gets to specify and measure things.

liam

-- 
Liam Quin, https://www.delightfulcomputing.com/
Available for XML/Document/Information Architecture/XSLT/
XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
Barefoot Web-slave, antique illustrations:  http://www.fromoldbooks.org
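
An added example, not part of the original message: a Python check of conditions (3) to (5) on an output document O, using the standard library's expat binding. The wrapper name `airports` is a hypothetical placeholder, the child name `name` is taken from the quoted conditions (1) and (2), and the sample documents are constructed.

```python
import xml.parsers.expat

# Constructed sample outputs; "airports" is a hypothetical wrapper name.
GOOD = b"<airports><name>Logan International</name></airports>"
WITH_SUBSET = b'<!DOCTYPE airports [<!ENTITY e "x">]><airports><name>&e;</name></airports>'
WITH_XSI = (b'<airports xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            b"<name>Logan International</name></airports>")

class _Stop(Exception):
    """Raised from a handler to abandon parsing as soon as a DOCTYPE is seen."""

def check_output(data, wrapper="airports", child="name"):
    """Return the violations of conditions (3)-(5) found in O; [] means none."""
    problems, stack = [], []

    def doctype(name, system_id, public_id, has_internal_subset):
        # (4) entities and an internal subset can only arrive via a DOCTYPE
        problems.append("DOCTYPE present")
        raise _Stop

    def start(name, attrs):
        # (3) only the wrapper at depth 1 and child elements at depth 2
        expected = wrapper if not stack else child if len(stack) == 1 else None
        if name != expected:
            problems.append(f"unexpected element <{name}> at depth {len(stack) + 1}")
        # (4) namespace processing is off, so declarations appear as attributes
        for attr in attrs:
            if attr == "xmlns" or attr.startswith("xmlns:"):
                problems.append(f"namespace declaration {attr} on <{name}>")
        stack.append(name)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: stack.pop()
    try:
        parser.Parse(data, True)
    except _Stop:
        pass
    except xml.parsers.expat.ExpatError as exc:
        problems.append(f"not well-formed: {exc}")  # (5)
    return problems

if __name__ == "__main__":
    for doc in (GOOD, WITH_SUBSET, WITH_XSI):
        print(check_output(doc) or "ok")
```

Conditions (6) and (7) concern the transformation process rather than O, so they are not visible to a check like this one and need the sandboxing and resource limits the message mentions.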

