RE: Saxon Servlet XSLT Version 2.0 Implementation Prob
The most likely explanation is that you are actually running Saxon 6.x rather than Saxon 7.x, as Saxon 6.x will reject the XSLT 2.0 syntax. Use system-property('xsl:vendor') to check what you are running.

The Saxon sample servlet code will actually run whichever XSLT processor is selected using the system property javax.xml.transform.TransformerFactory. I often find that it's convenient to hard-code the setting of this property using System.setProperty() in the init() method of the servlet; in other cases I read the desired property value from the init parameters of the servlet. Relying on the classpath tends to be a bit fragile.

>
> PS Also, some people have mentioned that implementing the
> servlet can be a security risk because people can execute
> their own xslt using it... possibly, with evil xslt extension
> functions that eMail rude mail and wipe the server hard
> drive, does anyone know of an easy way to protect against this?

It's a good idea to either (a) set the Saxon property that disables extension functions, or (b) disallow the use of arbitrary URLs for the stylesheet.

Michael Kay

XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
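The two mitigations and the pinned factory setting described in the message above, as an added Java example that is not part of the original message or of the Saxon sample servlet. The class name, the stylesheet names and paths, and the use of the Saxon attribute URI `http://saxon.sf.net/feature/allow-external-functions` are assumptions; check the attribute name against the Saxon version in use.

```java
import java.util.Map;
import javax.xml.transform.TransformerFactory;

public class HardenedXslt {
    // Hypothetical allow-list: short request-parameter value -> stylesheet
    // shipped inside the web application. Nothing else can be selected.
    private static final Map<String, String> STYLESHEETS = Map.of(
        "report",  "/WEB-INF/xsl/report.xsl",
        "summary", "/WEB-INF/xsl/summary.xsl");

    // Call once, e.g. from the servlet's init(), so the processor choice
    // does not depend on classpath order.
    static TransformerFactory newFactory() {
        System.setProperty("javax.xml.transform.TransformerFactory",
                           "net.sf.saxon.TransformerFactoryImpl");
        TransformerFactory factory = TransformerFactory.newInstance();
        // (a) Turn off calls to extension (external Java) functions.
        // Assumed Saxon attribute name; an unrecognised attribute throws
        // IllegalArgumentException, which fails closed at start-up.
        factory.setAttribute(
            "http://saxon.sf.net/feature/allow-external-functions",
            Boolean.FALSE);
        return factory;
    }

    // (b) Never treat the request parameter as a URL or path: it is only a
    // key into the allow-list, and unknown keys are rejected.
    static String resolveStylesheet(String requested) {
        String path = (requested == null) ? null : STYLESHEETS.get(requested);
        if (path == null) {
            throw new IllegalArgumentException("unknown stylesheet name");
        }
        return path;
    }

    public static void main(String[] args) {
        System.out.println(resolveStylesheet("report"));
        try {
            // Constructed input: a URL where a stylesheet name is expected.
            resolveStylesheet("http://example.invalid/other.xsl");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Requires the Saxon jar on the classpath; otherwise newInstance()
        // throws TransformerFactoryConfigurationError.
        System.out.println(newFactory().getClass().getName());
    }
}
```

In a servlet, the path returned by `resolveStylesheet` would be opened through the servlet context rather than fetched from a caller-supplied location.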