Cart
|
[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Saxon Servlet XSLT Version 2.0 Implementation Prob
 The most likely explanation is that you are actually running Saxon 6.x
rather than Saxon 7.x, as Saxon 6.x will reject the XSLT 2.0 syntax. Use
system-property('xsl:vendor') to check what you are running.
The Saxon sample servlet code will actually run whichever XSLT processor
is selected using the system property
javax.xml.transform.TransformerFactory. I often find that it's
convenient to hard-code the setting of this property using
System.setProperty() in the init() method of the servlet; in other cases
I read the desired property value from the init parameters of the
servlet. Relying on the classpath tends to be a bit fragile.
>
> PS Also, some people have mentioned that implementing the
> servlet can be a security risk because people can execute
> their own xslt using it... possibly, with evil xslt extension
> functions that eMail rude mail and wipe the server hard
> drive, does anyone know of an easy way to protect against this?
It's a good idea to either (a) set the Saxon property that disables
extension functions, or (b) disallow the use of arbitrary URLs for the
stylesheet.
Michael Kay
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
