This is the mail archive of the docbook-apps@lists.oasis-open.org mailing list .


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Newbie troubles with Docbook/XML + XHTML


John,
I don't know about #1--doesn't seem like the xmlns should be a problem,
but you can satisfy #2 and #3 with a simple customization layer. In
order to get the output you want, you pretty much have to have an xsl
where you change some parameters, but it's easy to maintain--just change
the path in the xsl:import statement when newer xsls are released. Until
the middle digit changes, there will be no changes in the interface
(i.e. no parameter names will change or behave in a different way). It's
not so much writing your own xsl, as maintiaining a list of preferences.
As for use.id.as.filename being off by default--don't know if it's the
reason, but problem mentioned in the Red Hat Network Alert below is
something to consider.

Good luck,
David

============cut here=================
<?xml version="1.0" encoding="US-ASCII"?>

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
xmlns:doc="http://nwalsh.com/xsl/documentation/1.0"; version="1.0">

<!-- this pulls in the docbook.xsls. Note that import statements must
come before anything else -->
<xsl:import href="path/to/xhtml/chunk.xsl"/>

<!-- this will give you the doctype on your chunks -->
<xsl:output method="xml" encoding="ISO-8859-1" indent="no"
doctype-public="-//W3C//DTD XHTML 1.0 Transitional//EN"
doctype-system="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";
/>

<!-- Here you can set the filename parameter, and any others you like
-->
<xsl:param name="use.id.as.filename" select="1"/> 

</xsl:stylesheet>
==============cut here=================

Date:
Wed, 1 May 2002 17:33:30 -0500

From:
"Red Hat Network Alert" <rhn-admin@rhn.redhat.com> | Block Address  |
Add to Address Book

Subject:
RHN Errata Alert: Insecure DocBook stylesheet option

To:
"dwcramer" <cramerdw@yahoo.com>

Red Hat Network has determined that the following advisory is
applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following
location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1065

Security Advisory - RHSA-2002:062-08
------------------------------------------------------------------------
------
Summary:
Insecure DocBook stylesheet option

DocBook is a document markup language that can be transformed into
other formats using a stylesheet.  The default stylesheet provided
with Red Hat Linux has an insecure option enabled.

Description:
The default stylesheet used when converting a DocBook document to
multiple HTML files allows an untrusted document to write files
outside of the current directory. This is because element
identifiers (specified in the document) are used to form the names of
the output files.  If an untrusted document uses a full pathname as an
identifier, it can cause that file to be written to -- as long as the
user performing the conversion has write access.

Updated docbook-utils packages are available that disable this
feature and enable filenames to be generated based on the type
of the element rather than its identifier.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0169 to this issue. 

<snip>

> -----Original Message-----
> From: John Levon [mailto:levon@movementarian.org]
> Sent: Thursday, May 02, 2002 9:18 PM
> To: docbook-apps@lists.oasis-open.org
> Subject: DOCBOOK-APPS: Newbie troubles with Docbook/XML + XHTML
> 
> 
> 
> moz xhtml 286 xsltproc --version
> Using libxml 20413, libxslt 10010 and libexslt 703
> 
> xsl-stylesheets-1.48-3 installed at /usr/share/sgml/docbook
> 
> xsltproc 
> http://docbook.sourceforge.net/release/xsl/current/xhtml/docbo
> ok.xsl in.xml
> 
> I get a couple of problems :
> 
> 1) <dt xmlns="http://www.w3.org/1999/xhtml";> All tags have xmlns
>    specified. validator.w3.org does not like this at all. 
> Where does this
>    come from and how can I fix it ?
> 
> 2) using chunk.xsl instead of docbook.xsl, I don't get doctype
>    declarations in the XHTML files. How can I fix it ?
> 
> 3) using chunk.xsl, the file names are not very readable. 
> This seems to
> be because the chunk.xsl at docbook.sf.net does not specify 
> this option :
> 
> <xsl:param name="use.id.as.filename" select="1"/> 
> 
> Is there any reason this is not on by default ?
> 
> I do not know XSLT at all, and would like to avoid using
> hand-crafted .xsl files I would have to maintain (but it will do
> as a solution). Ideally the released files at docbook.sf.net would
> not have any of the three problems above (I am sure I am missing some
> good reason why these problems exist for me).
> 
> As it is, the machine-generated pages are the only part of my
> website which don't validate ...  can somebody help ?


 


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]