This is the mail archive of the xsl-list@mulberrytech.com mailing list .

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

RE: xsl 1.1 security model?

To: <xsl-list at lists dot mulberrytech dot com>
Subject: RE: [xsl] xsl 1.1 security model?
From: "Michael Kay" <mhkay at iclway dot co dot uk>
Date: Thu, 22 Mar 2001 03:46:36 -0000
Reply-To: xsl-list at lists dot mulberrytech dot com

> There's an interesting problem with xslt 1.1 client-side security.
>
> Two of the main features are the document and script elements.

Is the problem any different from scripts/applets run from an HTML page in
the browser? Obviously a browser has to limit what such code can do, but I
can't see that XSL creates any new requirements beyond dynamic HTML.

> I think that the spec should say something about user-agents
> having the ability to disable xsl:script (for anything except XSLT, of
course).

I guess a note to that effect wouldn't do any harm. But of course the
implementor has the option to ignore xsl:script entirely, so such a note
wouldn't add anything substantive to the spec.

Mike Kay
Software AG


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Follow-Ups:
- Re: xsl 1.1 security model?
  - From: Francis Norton

References:
- xsl 1.1 security model?
  - From: Francis Norton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]