This is the mail archive of the
xsl-list@mulberrytech.com
mailing list .
Re: xsl 1.1 security model?
- To: xsl-list at lists dot mulberrytech dot com
- Subject: Re: [xsl] xsl 1.1 security model?
- From: Francis Norton <francis at redrice dot com>
- Date: Mon, 26 Mar 2001 13:19:01 +0100
- References: <000f01c0b503$f2373e90$462b3c3e@PCUKMKA>
- Reply-To: xsl-list at lists dot mulberrytech dot com
Michael Kay wrote:
>
> >
> > And would an implementation that disabled the xsl:document element
> > client-side still be XSLT 1.1 compliant?
> >
> It's my understanding that Microsoft are reluctant to implement this feature
> client-side, and I think the spec is clear that it's not required for
> conformance.
>
Indeed, I should have spotted that
http://www.w3.org/TR/xslt11/#conformance states:
"A conforming XSLT processor need not be able to output the result in
XML or in any other form."
which implies that this feature need not implemented at all.
> This approach makes sense, since the requirement for the feature is mainly
> fur use during the publishing cycle, not in client-side rendering.
>
I think the most material differences between "the publishing cycle" and
"client-side rendering" are likely to be scaleability and security. I
can imagine rendering requirements such as creating framed content that
would really benefit from something like xsl:document if it could be
done securely. But this would probably be scope-creep for a minor
increment spec release...
Francis.
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list