[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: xsl 1.1 security model?
> There's an interesting problem with xslt 1.1 client-side security. > > Two of the main features are the document and script elements. Is the problem any different from scripts/applets run from an HTML page in the browser? Obviously a browser has to limit what such code can do, but I can't see that XSL creates any new requirements beyond dynamic HTML. > I think that the spec should say something about user-agents > having the ability to disable xsl:script (for anything except XSLT, of course). I guess a note to that effect wouldn't do any harm. But of course the implementor has the option to ignore xsl:script entirely, so such a note wouldn't add anything substantive to the spec. Mike Kay Software AG XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|