This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
RE: xsl 1.1 security model?
- To: <xsl-list at lists dot mulberrytech dot com>
- Subject: RE: [xsl] xsl 1.1 security model?
- From: "Michael Kay" <mhkay at iclway dot co dot uk>
- Date: Sat, 24 Mar 2001 03:36:16 +0100
- Reply-To: xsl-list at lists dot mulberrytech dot com
> The ability to write to multiple named documents seems to me
> to be just
> as dangerous as the ability to call external scripts (if not more so -
> after all, ecmascript has no standard way of writing to named files).
>
> Should the xsl:document element be enabled client-side, or is
> the answer
> so obvious that the question didn't need asking?
>
> And would an implementation that disabled the xsl:document element
> client-side still be XSLT 1.1 compliant?
>
It's my understanding that Microsoft are reluctant to implement this feature
client-side, and I think the spec is clear that it's not required for
conformance.
This approach makes sense, since the requirement for the feature is mainly
fur use during the publishing cycle, not in client-side rendering.
Mike Kay
Software AG
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list