RE: xsl 1.1 security model?

Play the video

Subject: RE: xsl 1.1 security model?
From: "Michael Kay" <mhkay@xxxxxxxxxxxx>
Date: Thu, 22 Mar 2001 03:46:36 -0000

> There's an interesting problem with xslt 1.1 client-side security.
>
> Two of the main features are the document and script elements.

Is the problem any different from scripts/applets run from an HTML page in
the browser? Obviously a browser has to limit what such code can do, but I
can't see that XSL creates any new requirements beyond dynamic HTML.

> I think that the spec should say something about user-agents
> having the ability to disable xsl:script (for anything except XSLT, of
course).

I guess a note to that effect wouldn't do any harm. But of course the
implementor has the option to ignore xsl:script entirely, so such a note
wouldn't add anything substantive to the spec.

Mike Kay
Software AG


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Current Thread
xsl 1.1 security model? Francis Norton - Wed, 21 Mar 2001 14:05:45 -0500 (EST) Michael Kay - Wed, 21 Mar 2001 22:50:52 -0500 (EST) <= Francis Norton - Fri, 23 Mar 2001 11:20:57 -0500 (EST) Michael Kay - Sun, 25 Mar 2001 03:15:31 -0500 (EST) David Carlisle - Sun, 25 Mar 2001 05:04:35 -0500 (EST) Lee Goddard - Sun, 25 Mar 2001 09:01:02 -0500 (EST)

<- Previous	Index	Next ->
xsl 1.1 security model?, Francis Norton	Thread	Re: xsl 1.1 security model?, Francis Norton
RE: [XSLT] [Q] Recursion Ques, Michael Kay	Date	Selection Criteria in XSL, James J Nampalam
	Month

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >